i found this on EXIM log after implementing the HELO'ing ACL: 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad HELO - Host impersonating [keris.revti.net]" 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad HELO - Host impersonating [keris.revti.net]" 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Ba d HELO - Host impersonating [keris.revti.net]" 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad HELO - Host impersonating [keris.revti.net]" 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad HELO - Host impersonating [keris.revti.net]"
it seems that it came from mailman. how to fix this? Best Regards, Markus ----- Original Message ---- From: Graeme Fowler <[EMAIL PROTECTED]> To: exim-users <[email protected]> Sent: Friday, January 19, 2007 8:23:28 PM Subject: Re: [exim] my IP blacklisted at CBL issues with HELO'ing On 19/01/2007 12:48, Markus Hardiyanto wrote: > no, it's not a gateway. it's a web host server. The IP you provided was delisted on Wednesday morning, then relisted yesterday afternoon. Sounds like time to analyse your Exim logs, doesn't it? eximstats < /var/log/exim/main.log (or whatever the path to your main logfile is) will give you a good bit of detail; you should be able to determine from there which local user is producing the mail. As it's a hosting server, I'd guess that you either allow unauthenticated relaying of MAIL FROM: [EMAIL PROTECTED], or authenticated relaying of anything. If the former, stop it as it's easily abused. If the latter, you should be able to work out which domain or user is doing the authentication before relaying. If it's user forwarding, that should also be fairly obvious. Have a go at it. You'll probably work it out straight away. Graeme -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/ Send instant messages to your online friends http://uk.messenger.yahoo.com -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
