On Mon, 2008-03-17 at 09:42 -0400, Grant Peel wrote: > What I need to know, is how did the original message (log line 1) get into my > server at all? How can I beef up the loggin to tell me if it was a localy > generated message, or if Ihave a hacked account. (password 'guessed').?
The original message was generated systematically - it's a bounce. > 2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull P=local S=1185 The "R=" part shows the Exim message ID which caused the bounce. Grep that out of your logs to see what caused it. I'll punt one probably cause: you're not doing SMTP time rejection, but are accepting and bouncing for invalid recipients. Graeme -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
