Hi, I hope you changed the password on the server. Also try to implement Lena's block cracking:
https://github.com/Exim/exim/wiki/BlockCracking

Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: Re: [exim] Exim server maillog are flood by spam attemps?
>To: kuncho pencho
>Sent on: 15.07.2016 05:12

Hi, [email protected] is on one laptop, and I changed the password and shut down that laptop, and still.

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 1:43:25 PM
To: [email protected]
Subject: Re: [exim] Exim server maillog are flood by spam attemps?

Hi,
Did you check for a compromised account? Who is [email protected]?
Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: Re: [exim] Exim server maillog are flood by spam attemps?
>To: kuncho pencho
>Sent on: 13.07.2016 16:20

hide mysql_servers = localhost/AlDimnaEmailSystem/exim/IChangeThePassword
addresslist noautoreply_senders = /etc/mail.d/exim.d/conf.d/01-autoreply.noanswer.list
SPAM_FILESIZE_LIMIT = 1M
VIRUS_FILESIZE_LIMIT = 32M
MYSQL_LOG=INSERT INTO `spamlog` ( `ID`, `MessageID`, `SenderIP`, `SenderPort`, `SenderHostname`, `SenderHelo`, `SenderAddress`, `RecipientAddress`, `Username`, `Domain`, `LoadAverage`, `SpamScore`, `MessageSize`, `BodySize`, `MessageLines`, `BodyLines`, `ReceivedHeaders`, `ReceivedProtocol`, `Cipher`, `Authenticated`, `SenderVerify`, `Age`, `TimeStamp`) \
  VALUES( '${quote_mysql:$message_exim_id}', \
  '${quote_mysql:$header_Message-ID:}', \
  '${quote_mysql:$sender_host_address}', \
  '${quote_mysql:$sender_host_port}', \
  '${quote_mysql:$sender_host_name}', \
  '${quote_mysql:$sender_helo_name}', \
  '${quote_mysql:$sender_address}', \
  CONCAT('${quote_mysql:$original_local_part}','@','${quote_mysql:$original_domain}'), \
  '${quote_mysql:$local_part}', '${quote_mysql:$domain}', \
  '${quote_mysql:$load_average}/1000', \
  '${quote_mysql:$header_X-Spam-Score:}', \
  '${quote_mysql:$message_size}', \
  '${quote_mysql:$message_body_size}', \
  '${quote_mysql:$message_linecount}', \
  '${quote_mysql:$body_linecount}', \
  '${quote_mysql:$received_count}', \
  '${quote_mysql:$received_protocol}', \
  '${quote_mysql:$tls_cipher}', \
  '${quote_mysql:$authenticated_id}', \
  '${quote_mysql:$header_X-Sender-Verify:}', \
  '${quote_mysql:$message_age}', \
  NOW() )
CHECK_MAIL_HELO_ISSUED = 1
primary_hostname = smtp.aldimna.com
smtp_active_hostname = ${if eq{$interface_address}{46.102.240.223}\
  {aldimna.com}{smtp.aldimna.com}}
domainlist local_domains = ${lookup mysql {\
  SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' \
  UNION \
  SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' \
  UNION \
  SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'\
  }}
domainlist relay_to_domains =
hostlist relay_from_hosts =
hostlist spf_white_hosts = \
  aldimna.com : \
  smtp.aldimna.com
domainlist blocked_domains = lsearch;/etc/mail.d/exim.d/conf.d/disabled-domains.list
percent_hack_domains = *
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_helo = acl_check_helo
acl_smtp_mail = acl_check_mail
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_content
av_scanner = clamd:/var/lib/clamav/clamd.sock
spamd_address = /var/run/spamassassin/spamd.sock
tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/AlDimna-smtp-Certificate.pem
tls_privatekey = /etc/ssl/certs/AlDimna-smtp-Certificate.pem
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
qualify_domain = aldimna.com
never_users = root
host_lookup = !10.0.1.0/24 : *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
dsn_from = AlDimna Mail Delivery System
smtp_enforce_sync = false
untrusted_set_sender = *
local_sender_retain = true
local_from_check = false
timezone = EST
log_selector = +address_rewrite \
  +all_parents \
  +arguments \
  +connection_reject \
  +delay_delivery \
  +delivery_size \
  +dnslist_defer \
  +incoming_interface \
  +incoming_port \
  +lost_incoming_connection \
  +queue_run +received_sender \
  +received_recipients \
  +retry_defer \
  +sender_on_delivery \
  +size_reject \
  +skip_delivery \
  +smtp_confirmation \
  +smtp_connection \
  +smtp_protocol_error \
  +smtp_syntax_error \
  +subject \
  +tls_cipher \
  +tls_peerdn \
  +all
message_size_limit = 500M

begin acl

acl_check_helo:
  deny message = HELO/EHLO with AlDimna ip address. 1- You are not me.
       log_message = HELO/EHLO with AlDimna ip address
  deny condition = ${if match {$sender_helo_name}{46.102.240.223} {yes}{no}}
  deny message = HELO/EHLO with AlDimna domain name. 2- You are not me.
       log_message = HELO/EHLO AlDimna domain
  deny condition = ${if match {$sender_helo_name}{smtp.aldimna.com} {yes}{no}}
  deny message = Fine, then the mail I accept is also none
       log_message = HELO/EHLO none
  deny condition = ${if match {$sender_helo_name}{none} {yes}{no}}
  deny message = You are hardly local, fool
       log_message = HELO/EHLO localhost
  deny condition = ${if match {$sender_helo_name}{localhost} {yes}{no}}
  deny message = Invalid HELO. You must be spam or a virus, or your system administrator is an idiot.
       !hosts = +relay_from_hosts
       log_message = HELO/EHLO Invalid
  deny condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
  accept

acl_check_mail:
  deny message = \nIf you see this message then you no longer have an account with us.\nPlease if you require a backup for you account email us at [email protected].\n
       log_message = from blocked senders list
       senders = /etc/mail.d/exim.d/conf.d/disabled-senders.list
  deny message = You're from Mailinator, go away
       log_message = Mailinator mail
       senders = *@mailinator.com
  deny message = You are a major spammer, go away
       log_message = Pookmail mail
       senders = *@pookmail.com
  deny message = You are a major spammer, go away
       log_message = Russian sex spam
       senders = *@mail.ru
  deny message = \nIf you see this message then you no longer have an account with us.\nPlease if you require a backup for you account email us at [email protected].\n
       log_message = from blocked emails list
       senders = /etc/mail.d/exim.d/conf.d/disabled-emails.list
  accept

acl_check_rcpt:
  accept hosts = :
  deny message = Sender claims to have a local address, but is neither authenticated nor relayed (try using SMTP-AUTH!)
       log_message = Forged Sender address (claims to be local user [${sender_address}], but isn't authenticated)
       !hosts = +relay_from_hosts
       !authenticated = *
       condition = ${if match_domain{$sender_address_domain}{+local_domains}}
  warn message = You cannot be localhost.localdomain in the internet
       log_message = HELO is faked as localhost.localdomain
       condition = ${if match{$sender_helo_name}{\Nlocalhost\.localdomain\N}}
  warn message = X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3)
       log_message = HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3)
       condition = ${if isip{$sender_helo_name}}
  warn message = X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
       log_message = HELO ($sender_helo_name) is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
       condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
       condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  warn message = X-Invalid-HELO: HELO is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
       log_message = HELO ($sender_helo_name) is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
       condition = ${if match{$sender_helo_name}{\N\.$\N}}
  warn message = X-Invalid-HELO: HELO is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
       log_message = HELO ($sender_helo_name) is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
       condition = ${if match{$sender_helo_name}{\N\.\.\N}}
  warn message = X-Invalid-HELO: Host impersonating [$primary_hostname]
       log_message = HELO ($sender_helo_name) impersonating [$primary_hostname]
       condition = ${if match{$sender_helo_name}{$primary_hostname}{yes}{no}}
  warn message = X-Invalid-HELO: $interface_address is _my_ address
       log_message = HELO ($sender_helo_name) uses _my_ address ($interface_address)
       condition = ${if or{{\
         eq{[$interface_address]}{$sender_helo_name}\
         }{\
         eq{$interface_address}{$sender_helo_name}\
         }}}
  warn message = X-Invalid-HELO: no HELO
       log_message = no HELO ($sender_helo_name)
       condition = ${if !def:sender_helo_name}
  deny message = Restricted characters in address
       domains = +local_domains
       local_parts = ^[.] : ^.*[@%!/|]
  deny message = Restricted characters in address
       domains = !+local_domains
       local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept local_parts = postmaster
         domains = +local_domains
  accept local_parts = info : marketing : sales : support : \
           abuse : noc : security : postmaster : \
           hostmaster : usenet : news : webmaster : \
           www : uucp : ftp
         domains = +local_domains
  require verify = sender
  warn message = X-Sender-Verify: FAILED ($sender_verify_failure)
       log_message = Sender ($sender_address) could not be verified using callout: $acl_verify_message ($sender_verify_failure)
       !verify = sender/callout=10s,random
  warn message = X-Sender-Verify: SUCCEEDED (sender exists & accepts mail)
       verify = sender/callout=10s,random
  accept hosts = +relay_from_hosts
         control = submission
         control = dkim_disable_verify
  accept authenticated = *
         control = submission/sender_retain/domain=
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains
  require verify = recipient
  accept domains = +local_domains
         endpass
         verify = recipient
  accept domains = +relay_to_domains
         endpass
         verify = recipient
  accept hosts = +relay_from_hosts
  accept authenticated = *
  deny message = relay not permitted
  accept hosts = +relay_from_hosts
  accept authenticated = *
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

acl_check_mime:
  warn decode = default
  deny message = Blacklisted file extension detected
       condition = ${if match \
         {${lc:$mime_filename}} \
         {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$\N} \
         {1}{0}}
  accept

acl_check_content:
  deny message = This message contains malware ($malware_name)
       malware = *
  warn message = X-Spam-Score: $spam_score ($spam_bar)
       spam = nobody:true
  warn message = X-Spam-Report: $spam_report
       spam = nobody:true
  warn message = Subject: ****SPAM**** $h_Subject:
       spam = nobody
  warn message = X-Spam-Flag: YES
       spam = nobody
  warn message = This message scored $spam_score points. Congratulations!
       spam = nobody:true
       condition = ${if >{$spam_score_int}{50}{1}{0}}
  deny message = This message scored $spam_score points. Congratulations!
       spam = nobody:true
       condition = ${if >{$spam_score_int}{200}{1}{0}}
  warn condition = ${if !def:h_Message-ID: {1}}
       message = Message SHOULD have Message-ID: but does not
  warn condition = ${if !def:h_Date: {1}}
       message = Message SHOULD have Date: but does not
  deny message = Hiding of file extensions is not allowed!
       log_message = Dangerous extension (CLSID hidden)
       regex = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
  warn message = X-Spam-Score: $spam_score\n\
         X-Spam-Score-Int: $spam_score_int\n\
         X-Spam-Bar: $spam_bar\n\
         X-Spam-Report: $spam_report
       !authenticated = *
       condition = ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
       spam = spamassassin:true
  defer message = Temporary error while spam-scanning. Please try again later.
        log_message = message temporarily rejected, because of spam-scan error (maybe timeout)
        !authenticated = *
        condition = ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
        condition = ${if !def:spam_score}
  deny message = This message is classified as UBE (SPAM) and therefore rejected. You scored $spam_score points. Congratulations!
       !authenticated = *
       condition = ${if >={$spam_score_int}{${lookup mysql{\
         SELECT ((max(spam_threshold)*2+10)*10) AS spam_reject_threshold \
         FROM user \
         WHERE SMTP_allowed='YES' \
         }{$value}{15}}}{true}{false}}
  warn message = X-Exim-Version: $version_number (build at $compile_date)\n\
         X-Date: $tod_log\n\
         X-Connected-IP: $sender_host_address:$sender_host_port
  warn message = X-Message-Linecount: $message_linecount\n\
         X-Body-Linecount: $body_linecount\n\
         X-Message-Size: $message_size\n\
         X-Body-Size: $message_body_size
  warn log_message = DEBUG load_avgx1000: $load_average spam_score: $spam_score message_size: $message_size
  accept

begin routers

reject_domains:
  driver = redirect
  domains = +blocked_domains
  allow_fail
  data = :fail: AlDimna mail server is down - please try sending your message again later.

uservacation:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
  file = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
  senders = !+noautoreply_senders
  user = mail
  group = mail
  unseen

userautoreply:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.autoreply.conf
  file = /var/mail/${domain}/${local_part}/.autoreply.conf
  user = mail
  group = mail

userfilter:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.filter.conf
  file = /var/mail/${domain}/${local_part}/.filter.conf
  user = mail
  group = mail

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

mysql_all_domain_alias:
  driver = redirect
  domains = +local_domains
  local_parts = alle
  data = ${lookup mysql{ \
    SELECT CONCAT(username,'@',domain) AS sendto \
    FROM user \
    WHERE domain='${quote_mysql:$domain}' \
    AND SMTP_allowed='YES' \
    }}
  condition = ${if or {{\
    def:authenticated_id\
    }{\
    eq {$sender_host_address}{127.0.0.1}\
    }}\
    }
  file_transport = address_file
  pipe_transport = address_pipe

mysql_alias:
  driver = redirect
  domains = +local_domains
  file_transport = address_file
  pipe_transport = address_pipe
  data = ${if or {{\
    def:authenticated_id\
    }{\
    eq {$sender_host_address}{127.0.0.1}\
    }}{\
    ${lookup mysql{ \
    SELECT sendto \
    FROM alias \
    WHERE ( username='${quote_mysql:$local_part}' \
    AND (domain='${quote_mysql:$domain}' OR domain='') )}}\
    } {\
    ${lookup mysql{ \
    SELECT sendto \
    FROM alias \
    WHERE ( ( username='${quote_mysql:$local_part}' AND (domain='${quote_mysql:$domain}' OR domain='') ) \
    AND internal='NO' )}}\
    }}
  local_part_suffix = +*
  local_part_suffix_optional

mysql_user_condition:
  driver = accept
  domains = +local_domains
  caseful_local_part = true
  condition = ${if and {{\
    eq {${lookup mysql{ \
    SELECT CONCAT(username,'@',domain) AS email \
    FROM user \
    WHERE username='${quote_mysql:$local_part}' \
    AND domain='${quote_mysql:$domain}' \
    AND SMTP_allowed='YES' \
    }{true}{false}}}{true}\
    }{\
    or {{\
    and {{\
    eq {${sg{$local_part_suffix}{^ }{\
    lt {$tod_logfile}{${sg{$local_part_suffix}{^ }\
    }\
    }{\
    and {{\
    eq {${sg{$local_part_suffix}{^ }{\
    eq {$sender_address_domain}{${sg{$local_part_suffix}{^ }\
    }\
    }{\
    and {{\
    eq {${sg{$local_part_suffix}{^ }{\
    eq {${str2b64:$sender_address}}{${sg{$local_part_suffix}{^ }\
    }\
    }\
    }\
    }\
    }\
    }
  local_part_suffix =
  transport = local_mysql_delivery

mysql_user:
  driver = accept
  domains = +local_domains
  condition = ${lookup mysql{ \
    SELECT CONCAT(username,'@',domain) AS email \
    FROM user \
    WHERE username='${quote_mysql:$local_part}' \
    AND domain='${quote_mysql:$domain}' \
    AND SMTP_allowed='YES' \
    }{true}{false}}
  local_part_suffix = +*
  local_part_suffix_optional
  transport = local_mysql_delivery
  no_more

mysql_catchall:
  driver = redirect
  domains = +local_domains
  file_transport = address_file
  pipe_transport = address_pipe
  data = ${lookup mysql{ \
    SELECT sendto \
    FROM catchall \
    WHERE domain='${quote_mysql:$domain}' \
    }}

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/mail.d/exim.d/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

uservacation:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
  file = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
  senders = !+noautoreply_senders
  user = mail
  group = mail
  unseen

userautoreply:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.autoreply.conf
  file = /var/mail/${domain}/${local_part}/.autoreply.conf
  user = mail
  group = mail

userfilter:
  driver = redirect
  domains = +local_domains
  allow_filter
  hide_child_in_errmsg
  ignore_eacces
  ignore_enotdir
  reply_transport = autoreply_reply
  no_verify
  file_transport = address_file
  pipe_transport = address_pipe
  directory_transport = address_directory
  require_files = /var/mail/${domain}/${local_part}/.filter.conf
  file = /var/mail/${domain}/${local_part}/.filter.conf
  user = mail
  group = mail

begin retry

* * F,15m,5m; F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_condition = ${if crypteq {$3}{\{sha1\}${lookup mysql{ \
    SELECT password \
    FROM user \
    WHERE CONCAT(username,'@',domain)='${quote_mysql:$2}' \
    AND SMTPAUTH_allowed='YES' \
    }}}{yes}{no}}
  server_set_id = $2

login:
  driver = "plaintext"
  public_name = "LOGIN"
  server_prompts = Username:: : Password::
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_condition = ${if crypteq {$2}{\{sha1\}${lookup mysql{ \
    SELECT password \
    FROM user \
    WHERE CONCAT(username,'@',domain)='${quote_mysql:$1}' \
    AND SMTPAUTH_allowed='YES' \
    }}}{yes}{no}}
  server_set_id = $1

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 1:05:07 PM
To: [email protected]
Subject: Re: [exim] Exim server maillog are flood by spam attemps?

Hi,
Could you post your acl's?
Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: Re: [exim] Exim server maillog are flood by spam attemps?
>To: kuncho pencho
>Sent on: 13.07.2016 15:52

Hello kuncho pencho, I do use a blacklist, but somehow the spam seems to come back with a different email and host.

2016-07-13 07:41:58 [9900] 1bNJTx-0002Zd-1P => [email protected] F= P= R=dnslookup T=remote_smtp S=3925 H=mhmxha.tele.net [194.183.128.88]:25 C="250 2.0.0 u6DCgNFs032212 Message accepted for delivery" QT=17s DT=4s

Sincerely,

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 9:45 AM
To: [email protected]
Subject: Re: [exim] Exim server maillog are flood by spam attemps?

Hi,
Do you use any blacklist? If not, make one.
Something like that: https://www.tekovic.com/exim-acl-for-blocking-certain-senders
Best Regards.

>-------- Original message --------
>From: Flan AlFlani [email protected]
>Subject: [exim] Exim server maillog are flood by spam attemps?
>To: "[email protected]"
>Sent on: 13.07.2016 07:07

My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.

maillog (this is just a sample; my log will be over 1000 lines in an hour)

2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG load_avgx1000: 40 spam_score: 3.2 message_size: 3497
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP [email protected] H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:[email protected] S=5167 [email protected] T="nouvelles" from [email protected] > for [email protected] [email protected] [email protected] [email protected] [email protected]
2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4ys-0000aK-QP
2016-07-09 22:00:34 [2401] 1bM4ys-0000aK-QP => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP Completed QT=9s
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG load_avgx1000: 30 spam_score: 1.2 message_size: 3405
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R [email protected] H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:[email protected] S=5002 [email protected] T="c\342\200\231est si excitant" from [email protected] > for [email protected] [email protected] [email protected] [email protected] [email protected]
2016-07-09 22:00:41 [2444] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4z2-0000aK-1R
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R -> [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:46 [2444] 1bM4z2-0000aK-1R => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4060 H=mx4.hotmail.com [65.55.37.104]:25 X=UNKNOWN:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=*.hotmail.com" C="250 Queued mail for delivery" QT=6s DT=4s
2016-07-09 22:00:51 [2444] 1bM4z2-0000aK-1R => [email protected] F= [email protected] > P= [email protected] > R=dnslookup T=remote_smtp S=4060 H=mta5.am0.yahoodns.net [98.138.112.35]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel" QT=11s DT=5s
2016-07-09 22:02:51 [2450] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 22:02:51 [2444] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 22:07:25 [2668] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-09 22:44:09 [3190] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 22:44:09 [3189] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 23:18:58 [5210] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 23:18:58 [5209] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 23:44:40 [5472] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 23:44:40 [5471] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-10 00:30:50 [6963] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-10 00:30:50 [6962] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-10 00:42:08 [7311] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-10 01:25:13 [9147] 1bM4z2-0000aK-1R == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R failed to expand "${lookup mysql {SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' UNION SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' UNION SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'}}" while checking a list: lookup of "SELECT domain FROM user WHERE domain='tm.net.my' UNION SELECT domain FROM alias WHERE domain='tm.net.my' UNION SELECT domain FROM catchall WHERE domain='tm.net.my'" gave DEFER: MYSQL connection failed: Can't connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (2 "No such file or directory")
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R == [email protected] R=uservacation defer (-1): domains check lookup or other defer
2016-07-10 01:47:23 [9742] 1bM4z2-0000aK-1R == [email protected] routing defer (-51): retry time not reached
2016-07-10 01:47:24 [9801] cwd=/home/admin 68 args: exim -Mrm 1bM4z2-0000aK-1R 1bM51q-0000fL-1B 1bM52c-0000fL-AK 1bM52l-0000fL-Mn 1bM52v-0000fL-4U 1bM56n-0000hM-8O 1bM56r-0000hM-UJ 1bM575-0000hM-Hi 1bM5TM-0000li-AB 1bM5TS-0000li-Ra 1bM5Yq-0000mp-Gt 1bM5d4-0000pM-Jt 1bM5l8-0000qH-SC 1bM5lE-0000qH-Oq 1bM5lQ-0000qH-Gy 1bM5lT-0000qH-Kj 1bM5ld-0000qH-FR 1bM5mA-0000se-IN 1bM5mH-0000se-Jy 1bM5mP-0000se-65 1bM68I-0001Eg-Sw 1bM68x-0001Eg-ID 1bM6Xu-0001Pi-OD 1bM6ba-0001QJ-I8 1bM6bk-0001QJ-Om 1bM6bs-0001QJ-AT 1bM6bz-0001QJ-AL 1bM6c4-0001QJ-P4 1bM6cD-0001QJ-1b 1bM6oE-0001Si-IX 1bM6oR-0001Si-23 1bM6oX-0001Si-GL 1bM6yf-0001e4-Mf 1bM6yp-0001e4-TJ 1bM71Z-0001g8-2B 1bM71g-0001g8-Qm 1bM71o-0001g8-6z 1bM71t-0001g8-9L 1bM75g-0001jI-B6 1bM75t-0001jI-7W 1bM75z-0001jI-I3 1bM7Ki-0001pf-6t 1bM7Kv-0001pf-6e 1bM7L8-0001pn-Mk 1bM7dj-0001vg-2a 1bM7e1-0001vg-3w 1bM7e6-0001vg-TP 1bM7hP-0001xz-VL 1bM7kZ-00020e-19 1bM7kf-00020e-AH 1bM7kn-00020e-0G 1bM7ks-00020e-6h 1bM7ky-00020e-8q 1bM7l2-00020e-Or 1bM7l7-00020e-Ay 1bM7lC-00020e-8N 1bM7lI-00020e-6R 1bM7lN-00020e-Eh 1bM7qH-0002Bu-Mm 1bM7qY-0002Bu-IK 1bM8E9-0002OG-0J 1bM8EB-0002OG-HP 1bM8EE-0002OG-0j 1bM8EG-0002OG-GX 1bM8EI-0002OG-W7 1bM8EQ-0002OG-GW
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R removed by root
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R Completed

Any help would be greatly appreciated.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
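
Added example, not part of the original thread and not code from Exim or the list members: the posted log shows the mail arriving on port 465 with `A=login:` set, which is why the replies ask about a compromised account. The Python below groups Exim mainlog arrival (`<=`) lines by authenticated id and flags ids whose message count, recipient count or number of client IPs inside a time window exceeds a limit. The sample lines, addresses, window and limits are constructed assumptions, and the parser assumes recipients are logged after `for`, as with `+received_recipients` in the posted `log_selector`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the layout of the thread's mainlog ([pid] field,
# recipients listed after "for"); every host and address here is made up.
SAMPLE_LOG = """\
2016-07-09 22:00:32 [2252] 1aaaa1-0000aa-01 <= alice@example.org H=dsl-1.example.net (pc.example) [192.0.2.10]:41053 I=[10.0.1.1]:465 P=esmtpsa CV=no A=login:alice@example.org S=5167 T="nouvelles" from <alice@example.org> for a1@example.com a2@example.com a3@example.com a4@example.com a5@example.com
2016-07-09 22:00:34 [2401] 1aaaa1-0000aa-01 => a1@example.com F=<alice@example.org> R=dnslookup T=remote_smtp S=4156 H=mx.example.com [203.0.113.20]:25 C="250 ok"
2016-07-09 22:00:41 [2252] 1aaaa2-0000aa-02 <= alice@example.org H=dsl-1.example.net (pc.example) [192.0.2.10]:41053 I=[10.0.1.1]:465 P=esmtpsa CV=no A=login:alice@example.org S=5002 T="si excitant" from <alice@example.org> for b1@example.com b2@example.com b3@example.com b4@example.com b5@example.com
2016-07-09 22:00:50 [2260] 1aaaa3-0000ab-03 <= alice@example.org H=([198.51.100.7]) [198.51.100.7]:50211 I=[10.0.1.1]:465 P=esmtpsa CV=no A=login:alice@example.org S=4990 T="offer" from <alice@example.org> for c1@example.com c2@example.com c3@example.com c4@example.com c5@example.com
2016-07-09 22:01:05 [2260] 1aaaa4-0000ab-04 <= alice@example.org H=([198.51.100.7]) [198.51.100.7]:50211 I=[10.0.1.1]:465 P=esmtpsa CV=no A=login:alice@example.org S=5100 T="offer" from <alice@example.org> for d1@example.com d2@example.com d3@example.com d4@example.com d5@example.com
2016-07-09 22:03:00 [2300] 1aaaa5-0000ac-05 <= bob@example.org H=office.example.net [203.0.113.5]:50000 I=[10.0.1.1]:465 P=esmtpsa CV=no A=plain:bob@example.org S=900 T="notes for Monday" from <bob@example.org> for carol@example.com
2016-07-09 22:04:00 [2310] 1aaaa6-0000ad-06 <= someone@example.net H=mx.example.net [203.0.113.9]:25000 I=[10.0.1.1]:25 P=esmtp S=1200 for dave@example.org
"""

# Arrival ("<=") line; the "[pid]" field is optional.
ARRIVAL = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\[\d+\] )?"
                     r"(?P<msgid>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
SUBJECT = re.compile(r'\bT="(?:[^"\\]|\\.)*"')   # quoted subject may contain " for "
AUTH = re.compile(r"\bA=(?P<driver>[^:\s]+):(?P<id>\S+)")
# Client address: the bracketed IP followed by ":port" or a space, which skips
# an IP-literal HELO such as "H=([198.51.100.7])".
HOST_IP = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?\s")


def parse_arrival(line):
    """Return a dict for an authenticated arrival line, else None."""
    m = ARRIVAL.match(line)
    if not m:
        return None                      # delivery, defer, debug, ... lines
    rest = SUBJECT.sub("", m["rest"])    # drop the subject before splitting
    auth = AUTH.search(rest)
    if not auth:
        return None                      # unauthenticated inbound mail
    ip = HOST_IP.search(rest)
    rcpts = rest.rsplit(" for ", 1)[1].split() if " for " in rest else []
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "msgid": m["msgid"],
        "auth_id": auth["id"],
        "ip": ip["ip"] if ip else None,
        "rcpts": rcpts,
    }


def flag_accounts(lines, window=timedelta(minutes=10),
                  max_msgs=3, max_rcpts=10, max_ips=1):
    """Flag authenticated ids exceeding any limit inside a sliding window.

    The window and limits are illustrative assumptions, not recommendations.
    """
    per_id = defaultdict(list)
    for line in lines:
        ev = parse_arrival(line)
        if ev:
            per_id[ev["auth_id"]].append(ev)
    limits = {"msgs": max_msgs, "rcpts": max_rcpts, "ips": max_ips}
    flagged = {}
    for auth_id, events in per_id.items():
        events.sort(key=lambda e: e["ts"])
        worst = {"msgs": 0, "rcpts": 0, "ips": 0}
        start = 0
        for end, ev in enumerate(events):
            while ev["ts"] - events[start]["ts"] > window:
                start += 1               # slide the window's left edge
            span = events[start:end + 1]
            worst["msgs"] = max(worst["msgs"], len(span))
            worst["rcpts"] = max(worst["rcpts"], sum(len(e["rcpts"]) for e in span))
            worst["ips"] = max(worst["ips"], len({e["ip"] for e in span if e["ip"]}))
        over = sorted(k for k in worst if worst[k] > limits[k])
        if over:
            flagged[auth_id] = {**worst, "over": over}
    return flagged


if __name__ == "__main__":
    for account, info in flag_accounts(SAMPLE_LOG.splitlines()).items():
        print(account, info)
```

An account flagged this way is a candidate for a password reset and for the per-account limiting that the BlockCracking wiki page linked in the first reply describes.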
