I have two mail servers. The primary is here in our office, the secondary in our NOC just in case our primary pipe goes down. The thing is, even if the primary is up and working, the secondary server gets an awful lot of mail -- nearly all of it spam as best I can tell. Most of it, if it's to an existing user, is accepted because we don't have any anti-spam stuff installed yet, but it's the following log entries that have me concerned.
Below you'll find what appears to be an attempt by someone in Russia pretending to be from someone else in Russia sending stuff to users that don't exist in our system. The secondary server appears to be bouncing these mails back to the fake sender -- obviously something Bad, but I'm not sure how to stop it as it all looks legit. Suggestions?

# grep 1FdnXi-0006bg-Jb mainlog
2006-05-10 12:11:51 1FdnXi-0006bg-Jb <= [EMAIL PROTECTED] H=host79-102.pool8258.interbusiness.it [82.58.102.79] P=smtp S=25748 [EMAIL PROTECTED]
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown user
2006-05-10 12:11:52 1FdnXk-0006bo-87 <= <> R=1FdnXi-0006bg-Jb U=mailnull P=local S=27199
2006-05-10 12:11:52 1FdnXi-0006bg-Jb Completed

# grep 1FdnXk-0006bo-87 mainlog
2006-05-10 12:11:52 1FdnXk-0006bo-87 <= <> R=1FdnXi-0006bg-Jb U=mailnull P=local S=27199
2006-05-10 12:11:55 1FdnXk-0006bo-87 ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host smtp.rbc.ru [80.68.240.83]: 550 <[EMAIL PROTECTED]>: User unknown in relay recipient table
2006-05-10 12:11:55 1FdnXk-0006bo-87 Frozen (delivery error message)
2006-05-10 12:28:42 1FdnXk-0006bo-87 Message is frozen
2006-05-10 12:58:42 1FdnXk-0006bo-87 Message is frozen
2006-05-10 13:29:58 1FdnXk-0006bo-87 Message is frozen

--
I hope that we shall crush in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength, and bid defiance to the laws of our country.
- Thomas Jefferson, 1816
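Added example, not part of the original post: a small log correlator that finds the pattern shown above, where the secondary MX accepts a message from a remote host, the primary refuses the recipients at RCPT time, and a bounce is generated toward the claimed sender. It assumes the Exim mainlog line shapes visible in the post; the function name `find_backscatter` and every address, host name and IP in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the mainlog excerpt in the post. All addresses,
# host names and IPs are placeholders; message ids reuse the post's format.
SAMPLE_LOG = """\
2006-05-10 12:11:51 1FdnXi-0006bg-Jb <= forged@sender.example H=dialup.example [192.0.2.79] P=smtp S=25748
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** nouser1@mydomain.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<nouser1@mydomain.example>: host mx0.mydomain.example [198.51.100.1]: 550 unknown user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** nouser2@mydomain.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<nouser2@mydomain.example>: host mx0.mydomain.example [198.51.100.1]: 550 unknown user
2006-05-10 12:11:52 1FdnXk-0006bo-87 <= <> R=1FdnXi-0006bg-Jb U=mailnull P=local S=27199
2006-05-10 12:11:55 1FdnXk-0006bo-87 ** forged@sender.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<forged@sender.example>: host mx.sender.example [203.0.113.83]: 550 User unknown
2006-05-10 12:11:55 1FdnXk-0006bo-87 Frozen (delivery error message)
2006-05-10 12:20:00 1FdnZz-0006cc-01 <= alice@partner.example H=mail.partner.example [203.0.113.10] P=smtp S=1200
2006-05-10 12:20:01 1FdnZz-0006cc-01 => bob@mydomain.example R=dnslookup T=remote_smtp H=mx0.mydomain.example [198.51.100.1]
"""

MSG_ID = r"\w{6}-\w{6}-\w{2}"          # Exim message id shape seen in the log
LINE = re.compile(rf"^\S+ \S+ ({MSG_ID}) (.*)$")

def find_backscatter(log_text):
    """Return messages accepted from a remote host whose recipients were then
    refused with 5xx at RCPT time downstream, causing a locally generated bounce."""
    msgs = defaultdict(lambda: {"sender": None, "src_ip": None,
                                "rejected": [], "bounce": None, "frozen": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mid, rest = m.groups()
        rec = msgs[mid]
        if rest.startswith("<= "):                       # message arrival
            rec["sender"] = rest.split()[1]
            ip = re.search(r"H=.*?\[([0-9A-Fa-f.:]+)\]", rest)
            rec["src_ip"] = ip.group(1) if ip else None  # None for P=local
            parent = re.search(rf"\bR=({MSG_ID})\b", rest)
            if rec["sender"] == "<>" and parent:         # bounce for R=<parent>
                msgs[parent.group(1)]["bounce"] = mid
        elif rest.startswith("** ") and re.search(r"after RCPT TO:.*: 5\d\d ", rest):
            rec["rejected"].append(rest.split()[1])      # permanent RCPT failure
        elif rest.startswith("Frozen"):
            rec["frozen"] = True
    return [{"msg_id": mid, "src_ip": r["src_ip"], "claimed_sender": r["sender"],
             "rejected": len(r["rejected"]), "bounce_id": r["bounce"],
             "bounce_frozen": msgs[r["bounce"]]["frozen"]}
            for mid, r in list(msgs.items())
            if r["src_ip"] and r["rejected"] and r["bounce"]]

if __name__ == "__main__":
    print(*find_backscatter(SAMPLE_LOG), sep="\n")
```

Grouping the findings by `src_ip` shows which connecting hosts are responsible for the bounces the secondary is generating.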
