Grant Peel wrote: > Hi all, > > I have been wrestling with my servers trying to cut down on the amount of > spam we are sending. > > Can someone translate these log lines: > > 2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull > P=local S=1185 > ... > 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll ** [EMAIL PROTECTED] R=dnslookup > T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[EMAIL > PROTECTED]>: host borland-mxa.mail.eds.net [192.85.154.83]: 550 5.1.2 <[EMAIL > PROTECTED]>... Rejected: 69.90.69.141 Backscatter > 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll [EMAIL PROTECTED]: error ignored > 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll Completed > > it looks to me as if the original message was rejected because the remote > mail host seen my server as a spammer. > > What I need to know, is how did the original message (log line 1) get into my > server at all? How can I beef up the loggin to tell me if it was a localy > generated message, or if Ihave a hacked account. (password 'guessed').? > > -Grant
It's a bounce message generated by your server. Look for an email from [EMAIL PROTECTED] heading into your server. See what it was doing. My guess is that you're accepting email that you shouldn't and subsequently bouncing it. Make sure you are checking for valid recipient before you accept the email at RCPT time. The remote server is rejecting you because you are trying to bounce a message to them that they don't seem to have sent. My guess is that they keep track of every single outgoing email from/to and don't accept bounces that don't match up. -- The Exim Manual http://www.exim.org/docs.html http://www.exim.org/exim-html-current/doc/html/spec_html/index.html -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
