On Tue, Jun 27, 2006 at 02:47:35PM -0700, Dustin Jenkins wrote:
>
> Thanks for the response.
>
> The dc_accept_relay should've been dc_host_accept_relay, I should've taken
> that out, thanks for pointing to it.
>
> Here's a snippet from my /var/log/exim4/mainlog, the paniclog and reject log
> are empty. As you can see there are all kinds of different addresses from
> arbitrary traffic going to arbitrary domains. Mostly it gets denied, but
> sometimes it succeeds with a 'Completed' message, but what I want is for it
> to not try at all! I would've thought that I shouldn't be seeing any of this
> stuff.
>
> <LOG-SNIPPET>
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim
> P=local S=2482
> 2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> R=dnslookup T=remote_smtp: retry time
> not reached for any host after a long failure period
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v => [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp H=cluster6.us.messagelabs.com [216.82.249.195]
> X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v Completed
> 2006-06-26 22:14:47 1FrfEe-0002Z2-BA a.mx0.gatewaydefender.com
> [209.153.138.190] Connection timed out
> 2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED]: an MX or SRV
> record indicated no SMTP service
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 => [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp H=wppim001.aexp.com [193.32.34.92]
> X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL
> PROTECTED]>: host mailhub-new.vianetworks.nl [212.61.15.154]: 554 Service
> unavailable; Client host [24.68.130.247] blocked using safe.dnsbl.sorbs.net;
> Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?24.68.130.247
> 2006-06-26 22:14:53 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL
> PROTECTED]>: host mx10.uni.net [217.72.103.201]: 550 5.1.1 <[EMAIL
> PROTECTED]> User unknown; rejecting
> 2006-06-26 22:14:54 1FrfWq-0003L8-M0 => [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp H=mail.atriniti.com [68.15.40.154]
> 2006-06-26 22:14:55 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<[EMAIL
> PROTECTED]> SIZE=2513: host mx2.earthlink.net [209.86.93.227]: 550 Dynamic
> IPs/open relays blocked. Contact <[EMAIL PROTECTED]>.
> 2006-06-26 22:14:56 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL
> PROTECTED]>: host URO.COM.INBOUND15.MXLOGIC.NET [208.65.145.3]: 550 Recipient
> unknown
> 2006-06-26 22:14:57 1FrfWq-0003L8-M0 => [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp: SMTP error from remote mail server after initial connection:
> host mailin-02.mx.netscape.net [205.188.158.57]: 554- (RTR:BB)
> http://postmaster.info.aol.com/errors/554rtrbb.html\n554 Connecting IP:
> 24.68.130.247
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 == [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT
> TO:<[EMAIL PROTECTED]>: host mailwash16.pair.com [66.39.2.16]: 450 <[EMAIL
> PROTECTED]>: Recipient address rejected: Service temporarily unavailable
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
> 2006-06-26 22:15:04 1FrfWK-0003LL-Hx ** [EMAIL PROTECTED] R=dnslookup
> T=remote_smtp: SMTP error from remote mail server
> after RCPT TO:<[EMAIL PROTECTED]>: host mx3.nownuri.net [203.238.128.89]: 550
> 5.1.1 k2000 Unknown User
> </LOG-SNIPPET>
>
> When you say obfuscated, are you referring to the configuration in general or
> specific components?

This doesn't show a complete log of any transaction.

Run

    exigrep -l 1FrfWq-0003L8-M0 /var/log/exim4/mainlog*

It's the "<=" mark that tells where they're coming from.

Are you running a web server on this machine too?

And please don't top-post.

Steven.
--
A new dramatist of the absurd
Has a voice that will shortly be heard.
I learn from my spies
He's about to devise
An unprintable three-letter word.
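
The origin check described in the reply above, as an added example that is not part of the original message: it groups Exim main log lines by message ID and reads the "<=" arrival line to tell a remote SMTP submission from a local one, marking messages whose "<=" line is missing from the excerpt. The log lines, hosts, addresses and the `trace` and `arrival_source` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim mainlog format (hosts and addresses are made up).
SAMPLE_LOG = """\
2006-06-26 22:10:01 1AAAAA-000001-AA <= spammer@example.net H=(helo.example.net) [192.0.2.10] P=esmtp S=2513
2006-06-26 22:10:03 1AAAAA-000001-AA => victim@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.5]
2006-06-26 22:10:03 1AAAAA-000001-AA Completed
2006-06-26 22:11:00 1BBBBB-000002-BB <= www-data@host.example.com U=www-data P=local S=1800
2006-06-26 22:11:02 1BBBBB-000002-BB ** nobody@example.org R=dnslookup T=remote_smtp: 550 Recipient unknown
2006-06-26 22:11:02 1CCCCC-000003-CC <= <> R=1BBBBB-000002-BB U=Debian-exim P=local S=2482
2006-06-26 22:12:00 1DDDDD-000004-DD => other@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.5]
"""

# timestamp, message id (6-6-2 characters), flag, remainder of the line
LINE = re.compile(r"^(\S+ \S+) ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (<=|=>|->|\*\*|==) (.*)$")

def arrival_source(rest):
    """Describe where a '<=' line says the message came from."""
    sender = rest.split()[0]
    fields = dict(re.findall(r"\b([A-Z])=(\S+)", rest))
    ip = re.search(r"H=[^\[]*\[([^\]]+)\]", rest)
    if ip:  # H=... [ip] means it arrived over SMTP from that address
        return sender, "remote " + ip.group(1)
    if sender == "<>" and "R" in fields:  # on '<=' lines R= names the bounced message
        return sender, "bounce for " + fields["R"]
    return sender, "local user " + fields.get("U", "?")

def trace(log_text):
    """Map each message id to its source and delivery outcome counts."""
    unknown = "unknown (no <= line in excerpt)"
    msgs = defaultdict(lambda: {"sender": None, "source": unknown, "delivered": 0, "failed": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # Completed/Frozen and per-host error lines carry no flag
        _, msgid, flag, rest = m.groups()
        rec = msgs[msgid]
        if flag == "<=":
            rec["sender"], rec["source"] = arrival_source(rest)
        elif flag in ("=>", "->"):
            rec["delivered"] += 1
        elif flag == "**":
            rec["failed"] += 1
    return dict(msgs)

if __name__ == "__main__":
    for msgid, rec in trace(SAMPLE_LOG).items():
        print(msgid, rec)
```

A message reported as "unknown" here is the situation in the quoted snippet: the deliveries are visible but the arrival line is not, so the full log has to be searched for that message ID.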