On Sat, 2009-07-25 at 17:22 +0200, Peter wrote:
> I was looking at my logs today, and I noticed a few IPs that had ~150
> tries, and got unexpected disconnection on all of them. These are more than
> likely spammers, not yet listed in spamhaus, but no sending/receiver
> address was logged. I was wondering if it's possible to make some kind
> of debug log of the connection from these IPs, to see what they are up
> to? :-)
>
>
> 2009-07-25 17:01:53 H=(swam.dounleet.com) [66.79.181.183] Warning: Passed Greylistning,
> 2009-07-25 17:02:43 H=(swam.dounleet.com) [66.79.181.183] Warning: Warning: X-blacklisted-at: blackholes.five-ten-sg.com
> 2009-07-25 17:02:43 unexpected disconnection while reading SMTP command from (swam.dounleet.com) [66.79.181.183]

Unless you have some strange log_selector settings, this means that the remote end did one of the following:

HELO/EHLO -> disconnect
HELO/EHLO -> MAIL FROM -> disconnect

If you want to have all connections logged differently if they have never received a MAIL FROM command, add +smtp_no_mail to your log_selectors.

http://docs.exim.org/current/spec_html/ch49.html#SECTlogselector

Since that domain is listed on SURBL and the sending side couldn't handle even a few seconds' delay while you looked them up in a DNS blacklist, I would say it's not a host worth worrying about.

-- 
The Exim manual - http://docs.exim.org
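
An added example, not part of the original reply or of Exim itself: a small Python tally of the two main-log events discussed in this thread, per remote IP, so hosts with many dropped connections stand out. The sample lines are constructed from the excerpt quoted above; the "no MAIL in SMTP connection" line is the form written when `log_selector = +smtp_no_mail` is set, and the function names and threshold are assumptions.

```python
import re

# Constructed sample main-log lines, modelled on the excerpt quoted above.
# The last line is the kind written once +smtp_no_mail is enabled.
SAMPLE_LOG = """\
2009-07-25 17:01:53 H=(swam.dounleet.com) [66.79.181.183] Warning: Passed Greylistning,
2009-07-25 17:02:43 unexpected disconnection while reading SMTP command from (swam.dounleet.com) [66.79.181.183]
2009-07-25 17:03:10 unexpected disconnection while reading SMTP command from (swam.dounleet.com) [66.79.181.183]
2009-07-25 17:04:02 unexpected disconnection while reading SMTP command from (mail.example.net) [192.0.2.10]
2009-07-25 17:05:30 no MAIL in SMTP connection from (swam.dounleet.com) [66.79.181.183] D=50s C=EHLO,QUIT
"""

EVENTS = {
    "dropped": "unexpected disconnection while reading SMTP command from",
    "no_mail": "no MAIL in SMTP connection from",
}
# The peer address is the bracketed field preceded by a space; a HELO
# argument given as an address literal sits inside "(...)" and is skipped.
IP_RE = re.compile(r" \[([0-9A-Fa-f:.]+)\]")
CMDS_RE = re.compile(r"\bC=(\S+)")


def summarise(log_text):
    """Return {ip: {"dropped": n, "no_mail": n, "commands": set_of_smtp_verbs}}."""
    hosts = {}
    for line in log_text.splitlines():
        for kind, marker in EVENTS.items():
            pos = line.find(marker)
            if pos == -1:
                continue
            ip = IP_RE.search(line, pos)
            if not ip:
                continue
            entry = hosts.setdefault(
                ip.group(1), {"dropped": 0, "no_mail": 0, "commands": set()})
            entry[kind] += 1
            cmds = CMDS_RE.search(line, ip.end())
            if kind == "no_mail" and cmds:
                # C= lists the SMTP commands the client issued before leaving.
                entry["commands"].update(cmds.group(1).split(","))
    return hosts


def noisy_hosts(log_text, threshold):
    """IPs whose dropped + no-MAIL connections reach the threshold, busiest first."""
    totals = {ip: e["dropped"] + e["no_mail"] for ip, e in summarise(log_text).items()}
    return sorted(((ip, n) for ip, n in totals.items() if n >= threshold),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for ip, count in noisy_hosts(SAMPLE_LOG, threshold=2):
        print(ip, count, sorted(summarise(SAMPLE_LOG)[ip]["commands"]))
```
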
