Hi, I am pretty sure that i have a breach in my security. I doubled the capacity of SMTP accepted
smtp_accept_max = 100 (instead of 50) smtp_accept_max_per_host = 50 (instead of 25) and it has been fullfilled while there was only 2 internal users connected ! I made some "open relay" tests. All say "ok" How can I really test my security and/or trace these spammers ? Thank you if you can help and sorry for my poor english. Paul. Paul LUNETTA a écrit : > Hi, > > As I have no answer, I just add some others exim logs for those who > could perhaps help me have a clue. > Just before having the "too much SMTP connections" I have this : > > 2007-10-22 00:23:16 rejected HELO from [123.220.223.126]: syntactically > invalid argument(s): H\216\213 > 2007-10-22 00:23:59 rejected HELO from [123.220.223.126]: syntactically > invalid argument(s): H\216\213 > 2007-10-22 00:24:29 rejected HELO from [123.220.223.126]: syntactically > invalid argument(s): H\216\213 > 2007-10-22 00:24:30 rejected HELO from [123.220.223.126]: syntactically > invalid argument(s): H\216\213 > 2007-10-22 00:27:52 1Ijdea-00012h-6F demime acl condition: base64 line > contains illegal character > 2007-10-22 00:47:58 1Ijdy0-0001AK-3h demime acl condition: base64 line > contains illegal character > 2007-10-22 01:02:53 Start queue run: pid=4879 > 2007-10-22 01:02:53 1IjADj-0000h9-9z Unfrozen by auto-thaw > 2007-10-22 01:02:53 1IjADj-0000h9-9z ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:53 1IjADj-0000h9-9z Frozen (delivery error message) > 2007-10-22 01:02:53 1Ij9m7-0000Vv-Fv Message is frozen > 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Unfrozen by auto-thaw > 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Frozen (delivery error message) > 2007-10-22 01:02:53 1Ij6K5-0007UW-IK Unfrozen by auto-thaw > 2007-10-22 01:02:53 1Ij6K5-0007UW-IK ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:53 1Ij6K5-0007UW-IK Frozen (delivery error message) > 2007-10-22 01:02:53 1Ij60A-0007Mk-Io Unfrozen by auto-thaw > 2007-10-22 01:02:53 1Ij60A-0007Mk-Io ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:53 1Ij60A-0007Mk-Io Frozen (delivery error message) > 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Unfrozen by auto-thaw > 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Frozen (delivery error message) > 2007-10-22 01:02:53 1IizF9-0004Sx-4u Unfrozen by auto-thaw > 2007-10-22 01:02:53 1IizF9-0004Sx-4u ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:53 1IizF9-0004Sx-4u Frozen (delivery error message) > 2007-10-22 01:02:53 1IixJx-0000be-UN Unfrozen by auto-thaw > 2007-10-22 01:02:54 1IixJx-0000be-UN ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1IixJx-0000be-UN Frozen (delivery error message) > 2007-10-22 01:02:54 1IiyQG-00048A-9f Unfrozen by auto-thaw > 2007-10-22 01:02:54 1IiyQG-00048A-9f ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1IiyQG-00048A-9f Frozen (delivery error message) > 2007-10-22 01:02:54 1IizJM-0004Uw-8k Unfrozen by auto-thaw > 2007-10-22 01:02:54 1IizJM-0004Uw-8k ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1IizJM-0004Uw-8k Frozen (delivery error message) > 2007-10-22 01:02:54 1Ij06y-0004q8-MV Unfrozen by auto-thaw > 2007-10-22 01:02:54 1Ij06y-0004q8-MV ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1Ij06y-0004q8-MV Frozen (delivery error message) > 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Unfrozen by auto-thaw > 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Frozen (delivery error message) > 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Unfrozen by auto-thaw > 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Frozen (delivery error message) > 2007-10-22 01:02:54 1Ij8LN-0008K6-7C Unfrozen by auto-thaw > 2007-10-22 01:02:54 1Ij8LN-0008K6-7C ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1Ij8LN-0008K6-7C Frozen (delivery error message) > 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Unfrozen by auto-thaw > 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa ** [EMAIL PROTECTED]: > Unrouteable address > 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Frozen (delivery error message) > 2007-10-22 01:02:54 End queue run: pid=4879 > 2007-10-22 01:03:02 Connection from [210.23.1.3] refused: too many > connections > > *** > I guess it's a spammer trying to use our email domain name to send his > messages. > If you have any idea. I will also accept insults if i missed something > in documentation :) > > Thank you in advance. > > Paul. > -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
