----- Original Message -----
From: "Ted Cooper" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, March 17, 2008 9:52 AM
Subject: Re: [exim] Better Tracking

> Grant Peel wrote:
>> Hi all,
>>
>> I have been wrestling with my servers trying to cut down on the amount of
>> spam we are sending.
>>
>> Can someone translate these log lines:
>>
>> 2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull
>> P=local S=1185
>> ...
>> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll ** [EMAIL PROTECTED] R=dnslookup
>> T=remote_smtp: SMTP error from remote mail server after RCPT
>> TO:<[EMAIL PROTECTED]>: host borland-mxa.mail.eds.net [192.85.154.83]:
>> 550 5.1.2 <[EMAIL PROTECTED]>... Rejected: 69.90.69.141 Backscatter
>> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll [EMAIL PROTECTED]: error ignored
>> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll Completed
>>
>> It looks to me as if the original message was rejected because the remote
>> mail host saw my server as a spammer.
>>
>> What I need to know is how did the original message (log line 1) get
>> into my server at all? How can I beef up the logging to tell me if it was
>> a locally generated message, or if I have a hacked account (password
>> 'guessed')?
>>
>> -Grant
>
> It's a bounce message generated by your server.
>
> Look for an email from [EMAIL PROTECTED] heading into your server. See
> what it was doing.
>
> My guess is that you're accepting email that you shouldn't and
> subsequently bouncing it. Make sure you are checking for valid recipient
> before you accept the email at RCPT time.
>
> The remote server is rejecting you because you are trying to bounce a
> message to them that they don't seem to have sent. My guess is that they
> keep track of every single outgoing email from/to and don't accept
> bounces that don't match up.
>
> --
> The Exim Manual
> http://www.exim.org/docs.html
> http://www.exim.org/exim-html-current/doc/html/spec_html/index.html
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>

Excellent, Then when I grep the original message, I see this:

2008-03-16 18:36:05 1Jb1SV-000Etp-55 <= [EMAIL PROTECTED] U=mailnull P=spam-scanned S=3313 id=00 [EMAIL PROTECTED]
2008-03-16 18:36:05 1Jb1SV-000Etp-55 ** [EMAIL PROTECTED] <[EMAIL PROTECTED]> R=dnslooku remote_smtp: SMTP error from remote mail server after end of data: host mailin-01.mx.aol.com [20 8.156.248]: 554-: (HVU:B1) http://postmaster.info.aol.com/errors/554hvub1.html\n554 TRANSACTION LED

So how do I figure out HOW it came to my server to begin with?

-Grant
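
Added example, not part of the original thread: a Python sketch that walks an Exim main log backwards from a bounce to the arrival that first brought the mail onto the server, following `R=` on the bounce's `<=` line and then the Message-ID header (`id=`) across a local re-injection such as `P=spam-scanned`. The sample log is constructed; the first message id, the addresses and the `H=` host are placeholders, and it assumes the scanner leaves the Message-ID header unchanged.

```python
import re

# Constructed sample main-log lines modelled on the thread; the first message
# id, the addresses and the H= host are placeholders, not data from the thread.
SAMPLE_LOG = """\
2008-03-16 18:36:04 1Jb1SU-000Etk-01 <= sender@example.net H=(mx.example.net) [192.0.2.10] P=esmtp S=3100 id=msg1@example.net
2008-03-16 18:36:05 1Jb1SV-000Etp-55 <= sender@example.net U=mailnull P=spam-scanned S=3313 id=msg1@example.net
2008-03-16 18:36:05 1Jb1SV-000Etp-55 ** user@example.org R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data
2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull P=local S=1185
2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll ** sender@example.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO
"""

ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+) (.*)$")  # date time msgid <= sender fields

def parse_arrivals(log_text):
    """Return the arrival ("<=") records in log order with their key=value fields."""
    records = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            rest = m.group(3)
            ip = re.search(r"\[([0-9a-fA-F.:]+)\]", rest)  # remote address after H=
            records.append({"msgid": m.group(1), "sender": m.group(2),
                            "ip": ip.group(1) if ip else None,
                            **dict(re.findall(r"\b([A-Za-z]+)=(\S+)", rest))})
    return records

def trace_origin(log_text, msg_id):
    """Return (chain of message ids, arrival record of the earliest one found)."""
    records = parse_arrivals(log_text)
    by_id = {r["msgid"]: r for r in records}
    chain, rec = [], by_id.get(msg_id)
    while rec and rec["msgid"] not in chain:
        chain.append(rec["msgid"])
        if rec["sender"] == "<>" and rec.get("R") in by_id:
            rec = by_id[rec["R"]]  # bounce: R= names the message that failed
        else:
            # Local re-injection: look for a network arrival (one with H=)
            # carrying the same Message-ID header (assumed unchanged).
            hdr = rec.get("id")
            rec = next((r for r in records if hdr and r.get("id") == hdr
                        and "H" in r and r["msgid"] not in chain), None)
    return chain, (by_id[chain[-1]] if chain else None)

def classify(origin):
    """Say how the first message entered: SMTP AUTH, plain SMTP, or local user."""
    if origin is None:
        return "unknown"
    if "A" in origin:  # A= is logged when the client authenticated
        return "authenticated SMTP login " + origin["A"]
    if origin["ip"]:
        return "unauthenticated SMTP from " + origin["ip"]
    return "local submission by user " + origin.get("U", "?")
```

If the chain ends on a record with only `U=` and no `H=`, the network arrival is not in the log that was searched, for example because it sits in a rotated log file.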
