Hi,

I hope you changed the password on the server. Also try to implement Lena's 
block cracking:

https://github.com/Exim/exim/wiki/BlockCracking

Best Regards. 
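
One way to run the compromised-account check this thread asks about against the Exim main log, as an added example that is not part of the original messages or of the Exim project. The log lines, addresses and thresholds are constructed assumptions; the line layout follows Exim's main-log format with a verbose `log_selector`.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main-log format (documentation addresses only).
SAMPLE_LOG = """\
2016-07-13 13:40:01 plain_login authenticator failed for (User) [198.51.100.7]:4021: 535 Incorrect authentication data (set_id=alice@example.org)
2016-07-13 13:40:03 plain_login authenticator failed for (User) [198.51.100.7]:4022: 535 Incorrect authentication data (set_id=bob@example.org)
2016-07-13 13:40:05 plain_login authenticator failed for (User) [198.51.100.7]:4023: 535 Incorrect authentication data (set_id=info@example.org)
2016-07-13 13:40:09 plain_login authenticator failed for (laptop) [203.0.113.9]:5111: 535 Incorrect authentication data (set_id=bob@example.org)
2016-07-13 13:41:10 1bNK2a-0001Ab-2C <= alice@example.org H=(laptop) [203.0.113.5]:50122 I=[192.0.2.25]:465 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 A=plain_login:alice@example.org S=2211 T="report"
2016-07-13 13:42:11 1bNK3b-0001Ac-3D <= alice@example.org H=(User) [198.51.100.20]:40111 I=[192.0.2.25]:25 P=esmtpa A=plain_login:alice@example.org S=3120 T="offer"
2016-07-13 13:42:12 1bNK3c-0001Ad-4E <= alice@example.org H=(User) [198.51.100.21]:40112 I=[192.0.2.25]:25 P=esmtpa A=plain_login:alice@example.org S=3121 T="offer"
2016-07-13 13:42:13 1bNK3d-0001Ae-5F <= alice@example.org H=(User) [203.0.113.77]:40113 I=[192.0.2.25]:25 P=esmtpa A=plain_login:alice@example.org S=3122 T="offer"
2016-07-13 13:43:00 1bNK4e-0001Af-6G <= bob@example.org H=(laptop) [203.0.113.9]:5112 I=[192.0.2.25]:465 P=esmtpsa A=plain_login:bob@example.org S=1500 T="minutes"
2016-07-13 13:44:00 1bNK5e-0001Ag-7H <= bob@example.org H=(laptop) [203.0.113.9]:5113 I=[192.0.2.25]:465 P=esmtpsa A=plain_login:bob@example.org S=1600 T="agenda"
2016-07-13 13:45:00 1bNK6e-0001Ah-8J <= spam@example.net H=(mail.example.net) [198.51.100.99]:2525 I=[192.0.2.25]:25 P=esmtp S=900 T="hello A=plain_login:bob@example.org"
"""

# Message arrival ("<=") that carries an authenticator field A=driver:id.
# The first "[ip]" followed by an optional ":port" and a space is the client.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ .*?\[(?P<ip>[^\]]+)\](?::\d+)?\s"
    r".*?\bA=(?P<driver>[^:\s]+):(?P<auth>\S+)"
)

# Failed SMTP AUTH attempt, with the account name the client tried (set_id).
AUTH_FAIL = re.compile(
    r"(?P<driver>\S+) authenticator failed for .*?"
    r"\[(?P<ip>[^\]]+)\](?::\d+)?: .*?\(set_id=(?P<auth>[^)]*)\)"
)


def analyse(log_text):
    """Tally authenticated submissions per account and AUTH failures per host."""
    sent = defaultdict(lambda: {"messages": 0, "ips": set()})
    failures = defaultdict(lambda: {"count": 0, "accounts": set()})
    for raw in log_text.splitlines():
        # The subject (T="...") is sender-controlled text; cut it off so a
        # crafted subject cannot fake an A= field.
        line = raw.split(' T="', 1)[0]
        m = ARRIVAL.match(line)
        if m:
            account = sent[m.group("auth")]
            account["messages"] += 1
            account["ips"].add(m.group("ip"))
            continue
        m = AUTH_FAIL.search(line)
        if m:
            host = failures[m.group("ip")]
            host["count"] += 1
            host["accounts"].add(m.group("auth"))
    return sent, failures


def suspicious_accounts(sent, min_ips=3):
    """Accounts that submitted mail from at least min_ips client addresses.

    min_ips is an assumed threshold; tune it to the site's normal usage.
    """
    return sorted(a for a, s in sent.items() if len(s["ips"]) >= min_ips)


def guessing_hosts(failures, min_failures=3):
    """Client addresses with at least min_failures failed AUTH attempts.

    min_failures is an assumed threshold.
    """
    return sorted(ip for ip, f in failures.items() if f["count"] >= min_failures)


if __name__ == "__main__":
    sent, failures = analyse(SAMPLE_LOG)
    for account in suspicious_accounts(sent):
        s = sent[account]
        print(f"{account}: {s['messages']} messages from {len(s['ips'])} addresses")
    for ip in guessing_hosts(failures):
        f = failures[ip]
        print(f"{ip}: {f['count']} failed logins against {sorted(f['accounts'])}")
```

An account that keeps submitting mail from several unrelated addresses after its password was changed points to credentials still being used elsewhere, or to a second compromised account.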








 >-------- Original message --------
 >From: Flan AlFlani [email protected]
 >Subject: Re: [exim] Exim server maillog are flood by spam attemps?
 >To: kuncho pencho
 >Sent: 15.07.2016 05:12

hi

[email protected] is on one laptop, and I changed the password and
shut down that laptop, and still.

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 1:43:25 PM
To: [email protected]
Subject: Re: [exim] Exim server maillog are flood by spam attemps?

Hi,

Do you check for a compromised account? Who is [email protected]?

Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: Re: [exim] Exim server maillog are flood by spam attemps?
>To: kuncho pencho
>Sent: 13.07.2016 16:20

hide mysql_servers = localhost/AlDimnaEmailSystem/exim/IChangeThePassword

addresslist noautoreply_senders = /etc/mail.d/exim.d/conf.d/01-autoreply.noanswer.list

SPAM_FILESIZE_LIMIT = 1M
VIRUS_FILESIZE_LIMIT = 32M

MYSQL_LOG=INSERT INTO `spamlog` ( `ID`, `MessageID`, `SenderIP`, `SenderPort`, `SenderHostname`, `SenderHelo`, `SenderAddress`, `RecipientAddress`, `Username`, `Domain`, `LoadAverage`, `SpamScore`, `MessageSize`, `BodySize`, `MessageLines`, `BodyLines`, `ReceivedHeaders`, `ReceivedProtocol`, `Cipher`, `Authenticated`, `SenderVerify`, `Age`, `TimeStamp`) \
    VALUES( '${quote_mysql:$message_exim_id}', \
    '${quote_mysql:$header_Message-ID:}', \
    '${quote_mysql:$sender_host_address}', \
    '${quote_mysql:$sender_host_port}', \
    '${quote_mysql:$sender_host_name}', \
    '${quote_mysql:$sender_helo_name}', \
    '${quote_mysql:$sender_address}', \
    CONCAT('${quote_mysql:$original_local_part}','@','${quote_mysql:$original_domain}'), \
    '${quote_mysql:$local_part}', '${quote_mysql:$domain}', \
    '${quote_mysql:$load_average}/1000', \
    '${quote_mysql:$header_X-Spam-Score:}', \
    '${quote_mysql:$message_size}', \
    '${quote_mysql:$message_body_size}', \
    '${quote_mysql:$message_linecount}', \
    '${quote_mysql:$body_linecount}', \
    '${quote_mysql:$received_count}', \
    '${quote_mysql:$received_protocol}', \
    '${quote_mysql:$tls_cipher}', \
    '${quote_mysql:$authenticated_id}', \
    '${quote_mysql:$header_X-Sender-Verify:}', \
    '${quote_mysql:$message_age}', \
    NOW() )

CHECK_MAIL_HELO_ISSUED = 1

primary_hostname = smtp.aldimna.com

smtp_active_hostname = ${if eq{$interface_address}{46.102.240.223}\
    {aldimna.com}{smtp.aldimna.com}}

domainlist local_domains = ${lookup mysql {\
    SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' \
    UNION \
    SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' \
    UNION \
    SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'\
    }}

domainlist relay_to_domains =

hostlist relay_from_hosts =

hostlist spf_white_hosts = \
    aldimna.com : \
    smtp.aldimna.com

domainlist blocked_domains = lsearch;/etc/mail.d/exim.d/conf.d/disabled-domains.list

percent_hack_domains = *

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_helo = acl_check_helo
acl_smtp_mail = acl_check_mail
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_content

av_scanner = clamd:/var/lib/clamav/clamd.sock
spamd_address = /var/run/spamassassin/spamd.sock

tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/AlDimna-smtp-Certificate.pem
tls_privatekey = /etc/ssl/certs/AlDimna-smtp-Certificate.pem

daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465

qualify_domain = aldimna.com
never_users = root
host_lookup = !10.0.1.0/24 : *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
dsn_from = AlDimna Mail Delivery System
smtp_enforce_sync = false
untrusted_set_sender = *
local_sender_retain = true
local_from_check = false
timezone = EST

log_selector = +address_rewrite \
    +all_parents \
    +arguments \
    +connection_reject \
    +delay_delivery \
    +delivery_size \
    +dnslist_defer \
    +incoming_interface \
    +incoming_port \
    +lost_incoming_connection \
    +queue_run +received_sender \
    +received_recipients \
    +retry_defer \
    +sender_on_delivery \
    +size_reject \
    +skip_delivery \
    +smtp_confirmation \
    +smtp_connection \
    +smtp_protocol_error \
    +smtp_syntax_error \
    +subject \
    +tls_cipher \
    +tls_peerdn \
    +all

message_size_limit = 500M

begin acl

acl_check_helo:

  deny    message       = HELO/EHLO with AlDimna ip address. 1- You are not me.
          log_message   = HELO/EHLO with AlDimna ip address deny
          condition     = ${if match {$sender_helo_name}{46.102.240.223} {yes}{no}}

  deny    message       = HELO/EHLO with AlDimna domain name. 2- You are not me.
          log_message   = HELO/EHLO AlDimna domain deny
          condition     = ${if match {$sender_helo_name}{smtp.aldimna.com} {yes}{no}}

  deny    message       = Fine, then the mail I accept is also none
          log_message   = HELO/EHLO none deny
          condition     = ${if match {$sender_helo_name}{none} {yes}{no}}

  deny    message       = You are hardly local, fool
          log_message   = HELO/EHLO localhost deny
          condition     = ${if match {$sender_helo_name}{localhost} {yes}{no}}

  deny    message       = Invalid HELO. You must be spam or a virus, or your system administrator is an idiot.
          !hosts        = +relay_from_hosts
          log_message   = HELO/EHLO Invalid deny
          condition     = ${if match{$sender_helo_name}{\\.}{no}{yes}}

  accept

acl_check_mail:

  deny    message       = \nIf you see this message then you no longer have an account with us.\nPlease if you require a backup for you account email us at [email protected].\n
          log_message   = from blocked senders list
          senders       = /etc/mail.d/exim.d/conf.d/disabled-senders.list

  deny    message       = You're from Mailinator, go away
          log_message   = Mailinator mail
          senders       = *@mailinator.com

  deny    message       = You are a major spammer, go away
          log_message   = Pookmail mail
          senders       = *@pookmail.com

  deny    message       = You are a major spammer, go away
          log_message   = Russian sex spam
          senders       = *@mail.ru

  deny    message       = \nIf you see this message then you no longer have an account with us.\nPlease if you require a backup for you account email us at [email protected].\n
          log_message   = from blocked emails list
          senders       = /etc/mail.d/exim.d/conf.d/disabled-emails.list

  accept

acl_check_rcpt:

  accept  hosts         = :

  deny    message       = Sender claims to have a local address, but is neither authenticated nor relayed (try using SMTP-AUTH!)
          log_message   = Forged Sender address (claims to be local user [${sender_address}], but isn't authenticated)
          !hosts        = +relay_from_hosts
          !authenticated = *
          condition     = ${if match_domain{$sender_address_domain}{+local_domains}}

  warn    message       = You cannot be localhost.localdomain in the internet
          log_message   = HELO is faked as localhost.localdomain
          condition     = ${if match{$sender_helo_name}{\Nlocalhost\.localdomain\N}}

  warn    message       = X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3)
          log_message   = HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3)
          condition     = ${if isip{$sender_helo_name}}

  warn    message       = X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
          log_message   = HELO ($sender_helo_name) is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
          condition     = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
          condition     = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}

  warn    message       = X-Invalid-HELO: HELO is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
          log_message   = HELO ($sender_helo_name) is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
          condition     = ${if match{$sender_helo_name}{\N\.$\N}}

  warn    message       = X-Invalid-HELO: HELO is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
          log_message   = HELO ($sender_helo_name) is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
          condition     = ${if match{$sender_helo_name}{\N\.\.\N}}

  warn    message       = X-Invalid-HELO: Host impersonating [$primary_hostname]
          log_message   = HELO ($sender_helo_name) impersonating [$primary_hostname]
          condition     = ${if match{$sender_helo_name}{$primary_hostname}{yes}{no}}

  warn    message       = X-Invalid-HELO: $interface_address is _my_ address
          log_message   = HELO ($sender_helo_name) uses _my_ address ($interface_address)
          condition     = ${if or{{\
                            eq{[$interface_address]}{$sender_helo_name}\
                          }{\
                            eq{$interface_address}{$sender_helo_name}\
                          }}}

  warn    message       = X-Invalid-HELO: no HELO
          log_message   = no HELO ($sender_helo_name)
          condition     = ${if !def:sender_helo_name}

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  accept  local_parts   = info : marketing : sales : support : \
                          abuse : noc : security : postmaster : \
                          hostmaster : usenet : news : webmaster : \
                          www : uucp : ftp
          domains       = +local_domains

  require verify        = sender

  warn    message       = X-Sender-Verify: FAILED ($sender_verify_failure)
          log_message   = Sender ($sender_address) could not be verified using callout: $acl_verify_message ($sender_verify_failure)
          !verify       = sender/callout=10s,random

  warn    message       = X-Sender-Verify: SUCCEEDED (sender exists & accepts mail)
          verify        = sender/callout=10s,random

  accept  hosts         = +relay_from_hosts
          control       = submission
          control       = dkim_disable_verify

  accept  authenticated = *
          control       = submission/sender_retain/domain=

  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains

  require verify        = recipient

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  deny    message       = relay not permitted

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains

acl_check_mime:

  warn    decode        = default

  deny    message       = Blacklisted file extension detected
          condition     = ${if match \
                            {${lc:$mime_filename}} \
                            {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$\N} \
                            {1}{0}}

  accept

acl_check_content:

  deny    message       = This message contains malware ($malware_name)
          malware       = *

  warn    message       = X-Spam-Score: $spam_score ($spam_bar)
          spam          = nobody:true

  warn    message       = X-Spam-Report: $spam_report
          spam          = nobody:true

  warn    message       = Subject: ****SPAM**** $h_Subject:
          spam          = nobody

  warn    message       = X-Spam-Flag: YES
          spam          = nobody

  warn    message       = This message scored $spam_score points. Congratulations!
          spam          = nobody:true
          condition     = ${if >{$spam_score_int}{50}{1}{0}}

  deny    message       = This message scored $spam_score points. Congratulations!
          spam          = nobody:true
          condition     = ${if >{$spam_score_int}{200}{1}{0}}

  warn    condition     = ${if !def:h_Message-ID: {1}}
          message       = Message SHOULD have Message-ID: but does not

  warn    condition     = ${if !def:h_Date: {1}}
          message       = Message SHOULD have Date: but does not

  deny    message       = Hiding of file extensions is not allowed!
          log_message   = Dangerous extension (CLSID hidden)
          regex         = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$

  warn    message       = X-Spam-Score: $spam_score\n\
                          X-Spam-Score-Int: $spam_score_int\n\
                          X-Spam-Bar: $spam_bar\n\
                          X-Spam-Report: $spam_report
          !authenticated = *
          condition     = ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
          spam          = spamassassin:true

  defer   message       = Temporary error while spam-scanning. Please try again later.
          log_message   = message temporarily rejected, because of spam-scan error (maybe timeout)
          !authenticated = *
          condition     = ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
          condition     = ${if !def:spam_score}

  deny    message       = This message is classified as UBE (SPAM) and therefore rejected. You scored $spam_score points. Congratulations!
          !authenticated = *
          condition     = ${if >={$spam_score_int}{${lookup mysql{\
                            SELECT ((max(spam_threshold)*2+10)*10) AS spam_reject_threshold \
                            FROM user \
                            WHERE SMTP_allowed='YES' \
                          }{$value}{15}}}{true}{false}}

  warn    message       = X-Exim-Version: $version_number (build at $compile_date)\n\
                          X-Date: $tod_log\n\
                          X-Connected-IP: $sender_host_address:$sender_host_port

  warn    message       = X-Message-Linecount: $message_linecount\n\
                          X-Body-Linecount: $body_linecount\n\
                          X-Message-Size: $message_size\n\
                          X-Body-Size: $message_body_size

  warn    log_message   = DEBUG load_avgx1000: $load_average spam_score: $spam_score message_size: $message_size

  accept

 begin routers
     
 




 
     
 



 
     
 



 reject_domains:
     
 




 
     
 



 
     
 



 
     
 

     
 
driver = redirect
     
 




 
     
 



 
     
 



 
     
 

     
 
domains = +blocked_domains
     
 




 
     
 



 
     
 



 
     
 

     
 
allow_fail
     
 




 
     
 



 
     
 



 
     
 

     
 
data = :fail: AlDimna mail server is down - please try sending your message 
again later.
     
 




 
     
 



 
     
 



 uservacation:
     
 




 
     
 



 
     
 





 driver = redirect
     
 




 
     
 



 
     
 





 domains = +local_domains
     
 




 
     
 



 
     
 





 allow_filter
     
 




 
     
 



 
     
 





 hide_child_in_errmsg
     
 




 
     
 



 
     
 





 ignore_eacces
     
 




 
     
 



 
     
 





 ignore_enotdir
     
 




 
     
 



 
     
 





 reply_transport = autoreply_reply
     
 




 
     
 



 
     
 





 no_verify
     
 




 
     
 



 
     
 





 file_transport = address_file
     
 




 
     
 



 
     
 





 pipe_transport = address_pipe
     
 




 
     
 



 
     
 





 directory_transport = address_directory
     
 




 
     
 



 
     
 





 require_files = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
     
 




 
     
 



 
     
 





 file = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
     
 




 
     
 



 
     
 





 senders = !+noautoreply_senders
     
 




 
     
 



 
     
 





 user = mail
     
 




 
     
 



 
     
 





 group = mail
     
 




 
     
 



 
     
 





 unseen
     
 




 
     
 



 
     
 



 userautoreply:
     
 




 
     
 



 
     
 





 driver = redirect
     
 




 
     
 



 
     
 





 domains = +local_domains
     
 




 
     
 



 
     
 





 allow_filter
     
 




 
     
 



 
     
 





 hide_child_in_errmsg
     
 




 
     
 



 
     
 





 ignore_eacces
     
 




 
     
 



 
     
 





 ignore_enotdir
     
 




 
     
 



 
     
 





 reply_transport = autoreply_reply
     
 




 
     
 



 
     
 





 no_verify
     
 




 
     
 



 
     
 





 file_transport = address_file
     
 




 
     
 



 
     
 





 pipe_transport = address_pipe
     
 




 
     
 



 
     
 





 directory_transport = address_directory
     
 




 
     
 



 
     
 





 require_files = /var/mail/${domain}/${local_part}/.autoreply.conf
     
 




 
     
 



 
     
 





 file = /var/mail/${domain}/${local_part}/.autoreply.conf
     
 




 
     
 



 
     
 





 user = mail
     
 




 
     
 



 
     
 





 group = mail
     
 




 
     
 



 
     
 



userfilter:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.filter.conf
  file = /var/mail/${domain}/${local_part}/.filter.conf
  user = mail
  group = mail

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

mysql_all_domain_alias:
  driver = redirect
  domains = +local_domains
  local_parts = alle
  data = ${lookup mysql{ \
      SELECT CONCAT(username,'@',domain) AS sendto \
      FROM user \
      WHERE domain='${quote_mysql:$domain}' \
      AND SMTP_allowed='YES' \
    }}
  condition = ${if or {{\
      def:authenticated_id\
    }{\
      eq {$sender_host_address}{127.0.0.1}\
    }}\
  }
  file_transport = address_file
  pipe_transport = address_pipe

mysql_alias:
  driver = redirect
  domains = +local_domains
  file_transport = address_file
  pipe_transport = address_pipe
  data = ${if or {{\
      def:authenticated_id\
    }{\
      eq {$sender_host_address}{127.0.0.1}\
    }}{\
      ${lookup mysql{ \
        SELECT sendto \
        FROM alias \
        WHERE ( username='${quote_mysql:$local_part}' \
        AND (domain='${quote_mysql:$domain}' OR domain='') )}}\
    } {\
      ${lookup mysql{ \
        SELECT sendto \
        FROM alias \
        WHERE ( ( username='${quote_mysql:$local_part}' AND (domain='${quote_mysql:$domain}' OR domain='') ) \
        AND internal='NO' )}}\
    }}
  local_part_suffix = +*
  local_part_suffix_optional

mysql_user_condition:
  driver = accept
  domains = +local_domains
  caseful_local_part = true
  condition = ${if and {{\
      eq {${lookup mysql{ \
        SELECT CONCAT(username,'@',domain) AS email \
        FROM user \
        WHERE username='${quote_mysql:$local_part}' \
        AND domain='${quote_mysql:$domain}' \
        AND SMTP_allowed='YES' \
      }{true}{false}}}{true}\
    }{\
      or {{\
        and {{\
          eq {${sg{$local_part_suffix}{^
          }{\
          lt {$tod_logfile}{${sg{$local_part_suffix}{^
          }\
        }\
      }{\
        and {{\
          eq {${sg{$local_part_suffix}{^
          }{\
          eq {$sender_address_domain}{${sg{$local_part_suffix}{^
          }\
        }\
      }{\
        and {{\
          eq {${sg{$local_part_suffix}{^
          }{\
          eq {${str2b64:$sender_address}}{${sg{$local_part_suffix}{^
          }\
        }\
      }\
      }\
    }\
    }\
  }
  local_part_suffix =
  transport = local_mysql_delivery

mysql_user:
  driver = accept
  domains = +local_domains
  condition = ${lookup mysql{ \
      SELECT CONCAT(username,'@',domain) AS email \
      FROM user \
      WHERE username='${quote_mysql:$local_part}' \
      AND domain='${quote_mysql:$domain}' \
      AND SMTP_allowed='YES' \
    }{true}{false}}
  local_part_suffix = +*
  local_part_suffix_optional
  transport = local_mysql_delivery
  no_more

mysql_catchall:
  driver = redirect
  domains = +local_domains
  file_transport = address_file
  pipe_transport = address_pipe
  data = ${lookup mysql{ \
      SELECT sendto \
      FROM catchall \
      WHERE domain='${quote_mysql:$domain}' \
    }}

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/mail.d/exim.d/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

uservacation:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
  file = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
  senders = !+noautoreply_senders
  user = mail
  group = mail
  unseen

userautoreply:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.autoreply.conf
  file = /var/mail/${domain}/${local_part}/.autoreply.conf
  user = mail
  group = mail

userfilter:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.filter.conf
  file = /var/mail/${domain}/${local_part}/.filter.conf
  user = mail
  group = mail

begin retry

* * F,15m,5m; F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_condition = ${if crypteq {$3}{\{sha1\}${lookup mysql{ \
      SELECT password \
      FROM user \
      WHERE CONCAT(username,'@',domain)='${quote_mysql:$2}' \
      AND SMTPAUTH_allowed='YES' \
    }}}{yes}{no}}
  server_set_id = $2

login:
  driver = "plaintext"
  public_name = "LOGIN"
  server_prompts = Username:: : Password::
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_condition = ${if crypteq {$2}{\{sha1\}${lookup mysql{ \
      SELECT password \
      FROM user \
      WHERE CONCAT(username,'@',domain)='${quote_mysql:$1}' \
      AND SMTPAUTH_allowed='YES' \
    }}}{yes}{no}}
  server_set_id = $1

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 1:05:07 PM
To: [email protected]
Subject: Re: [exim] Exim server maillog are flood by spam attemps?

Hi,

Could you post your ACLs?

Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: Re: [exim] Exim server maillog are flood by spam attemps?
>To: kuncho pencho
>Sent: 13.07.2016 15:52

hello kuncho pencho,

I do use a blacklist, but somehow the spam seems to come back with a different email and host.

2016-07-13 07:41:58 [9900] 1bNJTx-0002Zd-1P => [email protected] F= P= R=dnslookup T=remote_smtp S=3925 H=mhmxha.tele.net [194.183.128.88]:25 C="250 2.0.0 u6DCgNFs032212 Message accepted for delivery" QT=17s DT=4s

Sincerely,

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 9:45 AM
To: [email protected]
Subject: Re: [exim] Exim server maillog are flood by spam attemps?

Hi,

Do you use any blacklist? If not, make one. Something like this:

https://www.tekovic.com/exim-acl-for-blocking-certain-senders

Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: [exim] Exim server maillog are flood by spam attemps?
>To: "[email protected]"
>Sent: 13.07.2016 07:07

My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.

maillog (this is just a sample, my log will be over 1000 lines in an hour)

2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG
 load_avgx1000: 40
 spam_score: 3.2
 message_size: 3497
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP [email protected] H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:[email protected] S=5167 [email protected] T="nouvelles" from [email protected] > for [email protected] [email protected] [email protected] [email protected] [email protected]
2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4ys-0000aK-QP
2016-07-09 22:00:34 [2401] 1bM4ys-0000aK-QP => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP Completed QT=9s

 2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R 
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 
I=[10.0.1.1]:465 Warning: DEBUG
     
 



 
     
 

     
 load_avgx1000: 30
     
 



 
     
 

     
 spam_score: 1.2
     
 



 
     
 

     
 message_size: 3405
     
 



 
     
 

     
 
     
 
     
 
     
 
     
 
     
 

     
 



 
     
 

     
 
     
 



 
     
 

     
 
     
 
     
 
     
 
     
 
     
 

     
 



 
     
 

     
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R [email protected]
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053
I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no
A=login:[email protected] S=5002
[email protected] T="c\342\200\231est si excitant"
from [email protected] > for [email protected] [email protected]
[email protected] [email protected] [email protected]
     
2016-07-09 22:00:41 [2444] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
1bM4z2-0000aK-1R
     
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R => [email protected]
F= [email protected] > P= [email protected] > R=dnslookup
T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no
DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250
2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
     
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R -> [email protected]
F= [email protected] > P= [email protected] > R=dnslookup
T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no
DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250
2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
     
2016-07-09 22:00:46 [2444] 1bM4z2-0000aK-1R => [email protected]
F= [email protected] > P= [email protected] > R=dnslookup
T=remote_smtp S=4060 H=mx4.hotmail.com [65.55.37.104]:25
X=UNKNOWN:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=*.hotmail.com" C="250
Queued mail for delivery" QT=6s DT=4s
     
2016-07-09 22:00:51 [2444] 1bM4z2-0000aK-1R => [email protected]
F= [email protected] > P= [email protected] > R=dnslookup
T=remote_smtp S=4060 H=mta5.am0.yahoodns.net [98.138.112.35]:25
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no
DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information
Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel" QT=11s DT=5s
     
2016-07-09 22:02:51 [2450] 1bM4z2-0000aK-1R mailrelay.tab.com.my
[202.188.95.55]:25 Connection timed out
     
2016-07-09 22:02:51 [2444] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (110): Connection timed out
     
2016-07-09 22:07:25 [2668] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
     
2016-07-09 22:44:09 [3190] 1bM4z2-0000aK-1R mailrelay.tab.com.my
[202.188.95.55]:25 Connection timed out
     
2016-07-09 22:44:09 [3189] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (110): Connection timed out
     
2016-07-09 23:18:58 [5210] 1bM4z2-0000aK-1R mailrelay.tab.com.my
[202.188.95.55]:25 Connection timed out
     
2016-07-09 23:18:58 [5209] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (110): Connection timed out
     
2016-07-09 23:44:40 [5472] 1bM4z2-0000aK-1R mailrelay.tab.com.my
[202.188.95.55]:25 Connection timed out
     
2016-07-09 23:44:40 [5471] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (110): Connection timed out
     
2016-07-10 00:30:50 [6963] 1bM4z2-0000aK-1R mailrelay.tab.com.my
[202.188.95.55]:25 Connection timed out
     
2016-07-10 00:30:50 [6962] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (110): Connection timed out
     
2016-07-10 00:42:08 [7311] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
     
2016-07-10 01:25:13 [9147] 1bM4z2-0000aK-1R == [email protected]
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
     
 2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R failed to expand "${lookup mysql 
{SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' UNION SELECT 
domain FROM alias WHERE domain='${quote_mysql:$domain}' UNION SELECT domain 
FROM catchall WHERE domain='${quote_mysql:$domain}'}}" while checking a list: 
lookup of "SELECT domain FROM user WHERE domain='tm.net.my' UNION SELECT domain 
FROM alias WHERE domain='tm.net.my' UNION SELECT domain FROM catchall WHERE 
domain='tm.net.my'" gave DEFER: MYSQL connection failed: Can't connect to local 
MySQL server through socket '/run/mysqld/mysqld.sock' (2 "No such file or 
directory")
     
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R == [email protected]
R=uservacation defer (-1): domains check lookup or other defer
     
2016-07-10 01:47:23 [9742] 1bM4z2-0000aK-1R == [email protected]
routing defer (-51): retry time not reached
     
 2016-07-10 01:47:24 [9801] cwd=/home/admin 68 args: exim -Mrm 1bM4z2-0000aK-1R 
1bM51q-0000fL-1B 1bM52c-0000fL-AK 1bM52l-0000fL-Mn 1bM52v-0000fL-4U 
1bM56n-0000hM-8O 1bM56r-0000hM-UJ 1bM575-0000hM-Hi 1bM5TM-0000li-AB 
1bM5TS-0000li-Ra 1bM5Yq-0000mp-Gt 1bM5d4-0000pM-Jt 1bM5l8-0000qH-SC 
1bM5lE-0000qH-Oq 1bM5lQ-0000qH-Gy 1bM5lT-0000qH-Kj 1bM5ld-0000qH-FR 
1bM5mA-0000se-IN 1bM5mH-0000se-Jy 1bM5mP-0000se-65 1bM68I-0001Eg-Sw 
1bM68x-0001Eg-ID 1bM6Xu-0001Pi-OD 1bM6ba-0001QJ-I8 1bM6bk-0001QJ-Om 
1bM6bs-0001QJ-AT 1bM6bz-0001QJ-AL 1bM6c4-0001QJ-P4 1bM6cD-0001QJ-1b 
1bM6oE-0001Si-IX 1bM6oR-0001Si-23 1bM6oX-0001Si-GL 1bM6yf-0001e4-Mf 
1bM6yp-0001e4-TJ 1bM71Z-0001g8-2B 1bM71g-0001g8-Qm 1bM71o-0001g8-6z 
1bM71t-0001g8-9L 1bM75g-0001jI-B6 1bM75t-0001jI-7W 1bM75z-0001jI-I3 
1bM7Ki-0001pf-6t 1bM7Kv-0001pf-6e 1bM7L8-0001pn-Mk 1bM7dj-0001vg-2a 
1bM7e1-0001vg-3w 1bM7e6-0001vg-TP 1bM7hP-0001xz-VL 1bM7kZ-00020e-19 
1bM7kf-00020e-AH 1bM7kn-00020e-0G 1bM7ks-00020e-6h 1bM7ky-00020e-8q 
1bM7l2-00020e-Or 1bM7l7-00020e-Ay 1bM7lC-00020e-8N 1bM7lI-00020e-6R
1bM7lN-00020e-Eh 1bM7qH-0002Bu-Mm
1bM7qY-0002Bu-IK 1bM8E9-0002OG-0J 1bM8EB-0002OG-HP 1bM8EE-0002OG-0j 
1bM8EG-0002OG-GX 1bM8EI-0002OG-W7 1bM8EQ-0002OG-GW
     
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R removed by root
     
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R Completed
     
any help would be greatly appreciated
     
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/