-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Wayne
Sent: 28 June 2006 13:46
To: [email protected]
Subject: Re: [exim] Stopping arbitrary traffic

On Tue, Jun 27, 2006 at 02:47:35PM -0700, Dustin Jenkins wrote:
>
> Thanks for the response.
>
> The dc_accept_relay should've been dc_host_accept_relay, I should've taken that out, thanks for pointing to it.
>
> Here's a snippet from my /var/log/exim4/mainlog, the paniclog and reject log are empty. As you can see there are all kinds of different addresses from arbitrary traffic going to arbitrary domains. Mostly it gets denied, but sometimes it succeeds with a 'Completed' message, but what I want is for it to not try at all! I would've thought that I shouldn't be seeing any of this stuff.
>
> <LOG-SNIPPET>
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
> 2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** [EMAIL PROTECTED] <[EMAIL PROTECTED]> R=dnslookup T=remote_smtp: retry time not reached for any host after a long failure period
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=cluster6.us.messagelabs.com [216.82.249.195] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v Completed
> 2006-06-26 22:14:47 1FrfEe-0002Z2-BA a.mx0.gatewaydefender.com [209.153.138.190] Connection timed out
> 2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED]: an MX or SRV record indicated no SMTP service
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=wppim001.aexp.com [193.32.34.92] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host mailhub-new.vianetworks.nl [212.61.15.154]: 554 Service unavailable; Client host [24.68.130.247] blocked using safe.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?24.68.130.247
> 2006-06-26 22:14:53 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host mx10.uni.net [217.72.103.201]: 550 5.1.1 <[EMAIL PROTECTED]> User unknown; rejecting
> 2006-06-26 22:14:54 1FrfWq-0003L8-M0 => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=mail.atriniti.com [68.15.40.154]
> 2006-06-26 22:14:55 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<[EMAIL PROTECTED]> SIZE=2513: host mx2.earthlink.net [209.86.93.227]: 550 Dynamic IPs/open relays blocked. Contact <[EMAIL PROTECTED]>.
> 2006-06-26 22:14:56 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host URO.COM.INBOUND15.MXLOGIC.NET [208.65.145.3]: 550 Recipient unknown
> 2006-06-26 22:14:57 1FrfWq-0003L8-M0 => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after initial connection: host mailin-02.mx.netscape.net [205.188.158.57]: 554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html\n554 Connecting IP: 24.68.130.247
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 == [EMAIL PROTECTED] R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host mailwash16.pair.com [66.39.2.16]: 450 <[EMAIL PROTECTED]>: Recipient address rejected: Service temporarily unavailable
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
> 2006-06-26 22:15:04 1FrfWK-0003LL-Hx ** [EMAIL PROTECTED] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: host mx3.nownuri.net [203.238.128.89]: 550 5.1.1 k2000 Unknown User
> </LOG-SNIPPET>
>
> When you say obfuscated, are you referring to the configuration in general or specific components?

This doesn't show a complete log of any transaction.

Run

    exigrep -l 1FrfWq-0003L8-M0 /var/log/exim4/maillog*

It's the "<=" mark that tells where they're coming from.

Are you running a web server on this machine too?

And please don't top-post.

Steven.
--
A new dramatist of the absurd
Has a voice that will shortly be heard.
I learn from my spies
He's about to devise
An unprintable three-letter word.

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

This message has been scanned for content and viruses by the DIT Information Services MailScanner Service and is believed to be clean. http://www.dit.ie
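
An added example, not part of the original messages: a Python sketch that does for a whole log what the exigrep lookup above does for one message id, grouping Exim main log lines by id and reading the `<=` arrival line to tell local submissions (`U=`, `P=local`) from mail received from a remote host (`H=`). The log lines, addresses and hosts are constructed placeholders in the same format as the quoted snippet, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main log format (all names and addresses are placeholders).
SAMPLE_LOG = """\
2006-06-26 22:10:01 1AAAAA-000001-AA <= www-data@host.example U=www-data P=local S=2513
2006-06-26 22:10:03 1AAAAA-000001-AA => a@dest.example R=dnslookup T=remote_smtp H=mx.dest.example [192.0.2.10]
2006-06-26 22:10:04 1AAAAA-000001-AA ** b@dest.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<b@dest.example>: host mx.dest.example [192.0.2.10]: 550 Recipient unknown
2006-06-26 22:10:04 1AAAAA-000001-AA Completed
2006-06-26 22:11:00 1BBBBB-000002-BB <= sender@remote.example H=client.remote.example [198.51.100.7] P=esmtp S=1800
2006-06-26 22:11:02 1BBBBB-000002-BB == c@dest.example R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server
2006-06-26 22:12:00 1CCCCC-000003-CC => d@dest.example R=dnslookup T=remote_smtp H=mx.dest.example [192.0.2.10]
"""

# date, time, 6-6-2 message id, then one of the arrival/delivery flags.
LINE = re.compile(r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
                  r"(<=|=>|->|\*\*|==) (.*)$")
OUTCOME = {"=>": "delivered", "->": "delivered", "**": "failed", "==": "deferred"}

def parse_origin(rest):
    """Pull sender, remote host, local user and protocol from a '<=' line."""
    def field(pattern):
        m = re.search(pattern, rest)
        return m.group(1) if m else None
    return {"sender": rest.split()[0],
            "host": field(r"\bH=(.*?\[[^\]]+\])"),   # only present for remote arrivals
            "user": field(r"\bU=(\S+)"),             # only present for local submissions
            "protocol": field(r"\bP=(\S+)")}

def summarize(log_text):
    """Group log lines by message id: where it came from and what happened to it."""
    msgs = defaultdict(lambda: {"origin": None, "delivered": 0, "failed": 0, "deferred": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", "Frozen" and host-level lines carry no flag
        msg_id, flag, rest = m.groups()
        if flag == "<=":
            msgs[msg_id]["origin"] = parse_origin(rest)
        else:
            msgs[msg_id][OUTCOME[flag]] += 1
    return dict(msgs)

def missing_arrival(summary):
    """Ids seen being delivered whose '<=' line is not in this excerpt."""
    return sorted(i for i, s in summary.items() if s["origin"] is None)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for msg_id, info in report.items():
        print(msg_id, info)
    print("no arrival line in excerpt:", missing_arrival(report))
```

Ids returned by `missing_arrival` are the ones to look up in older rotated logs, since their arrival predates the excerpt.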
