On Tue, Mar 04, 2008 at 10:22:03AM -0500, Grant Peel wrote: > Matt, Peter and all, > > No these are backscatter bounces. > > Non existent addresses on my server(s) are being sent SPAM with forged > remote 'From:' addresses. Then, those spams are being bounced to the remote > address' (from my servers)!
Can you try something like the following for me:
cd /var/log/exim (or wherever your logs are kept)
grep '<= <> .* P=local' mainlog | head -5 | \
while read L ; do set $L ; \
zgrep -h ${6#R=} `ls -tr mainlog*` ; zgrep -h $3 `ls -tr mainlog*` ; \
echo; done
which basically picks a couple of examples of bounces being sent from your
server, and shows the log lines for both the original incoming message, and
the outgoing bounce. (Yeah, maybe there's a better way of doing that. It
works for me).
Please run that command and then paste the output back here, unaltered (i.e.
http://wiki.exim.org/DontObfuscate, just in case you were planning on doing
so). Thanks!
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
signature.asc
Description: Digital signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
