On 19/01/2007 12:48, Markus Hardiyanto wrote: > no, it's not a gateway. it's a web host server.
The IP you provided was delisted on Wednesday morning, then relisted yesterday afternoon. Sounds like time to analyse your Exim logs, doesn't it? eximstats < /var/log/exim/main.log (or whatever the path to your main logfile is) will give you a good bit of detail; you should be able to determine from there which local user is producing the mail. As it's a hosting server, I'd guess that you either allow unauthenticated relaying of MAIL FROM: [EMAIL PROTECTED], or authenticated relaying of anything. If the former, stop it as it's easily abused. If the latter, you should be able to work out which domain or user is doing the authentication before relaying. If it's user forwarding, that should also be fairly obvious. Have a go at it. You'll probably work it out straight away. Graeme -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
