Peter Bowyer wrote: > On 20/01/07, Markus Hardiyanto <[EMAIL PROTECTED]> wrote: >> i found this on EXIM log after implementing the HELO'ing ACL: >> >> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL >> PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad >> HELO - Host impersonating [keris.revti.net]" >> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL >> PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad HELO >> - Host impersonating [keris.revti.net]" >> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL >> PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Ba >> d HELO - Host impersonating [keris.revti.net]" >> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL >> PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad HELO >> - Host impersonating [keris.revti.net]" >> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<[EMAIL >> PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: "REJECTED - Bad >> HELO - Host impersonating [keris.revti.net]" >> >> it seems that it came from mailman. how to fix this? > > Your HELO acl probably should exclude localhost. But I can't see what > this has to do with your CBL listing..... >
CBL lists server which have sent mails to their spam traps. In these logs, I can see at least one very strange entry ([EMAIL PROTECTED]). From what it looks like, someone is probably abusing your instance of mailman to send spam. This is just a guess of course, but you should really verify your mailing lists.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
