On 12/29/05, Alan J. Flavell <[EMAIL PROTECTED]> wrote:
> Something is provoking your exim into attempting to look up
> the name smtp05.dc2.safesecureweb.com in the early stages of
> the transaction from IP 81.161.250.78.
>
> Could it be that these abusers are trying to present that domain in
> the HELO/EHLO, and your exim configuration causes it to be verified?
>

Thanks for the reply, Alan. Good question. I can't tell where my config would allow it to get this far, but I'm no exim pro either. Maybe I'm missing something. I only modified the default config enough to make it work in its capacity as our SMTP gateway server, only relaying mail for our domains. I used the exim doc/specs and Phil Hazel's latest book to configure it. Should I post my config, minus the comments?

> so the report seems to be correct; the specific puzzle is what's
> prompting exim to attempt the lookup.
>

That's exactly what I've been wondering. As we can see in the log entries (in my previous post) immediately following the "NULL" entry, it seems that this connection attempt from 81.161.250.78 goes thru 3 separate "phases", and is finally rejected in the 3rd phase as an attempt to exploit an "open relay". So what exactly did exim think the first two "phases" were? I finally removed the troublesome smtp05 entry from my "relay_from_hosts" list in my exim config. This has eliminated those NULL entries in the log, but now I'm wondering what I'm not seeing. :(

> good luck
>

Thanks!

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
