[exim] address rewriting when "yielded unparseable address: empty address in address" happens

2016-07-13 Thread Arkadiusz Miśkiewicz

Scenario:

^test@$primary_hostname   "$h_from:"Ffs
^test@$primary_hostname   ""   Ffs

The first rule will in some cases return "yielded unparseable address:
empty address in address", which is fine and expected.

But exim will stop rewriting in such a case. It won't go on to the next rule (which
I wanted to be a fallback rule). And that's unexpected.

The docs (
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html
) don't seem to mention such a case, so I assumed the next rewrite rule
would be applied.


For now I have a workaround for such a problem:
^test@$primary_hostname   "${if !eq {${address:$h_from:}}{} {${address:$h_from:}}fail }"Ffs
^test@$primary_hostname   ""   Ffs
When "fail" is returned, exim uses the next rule.

I wonder whether that (stopping when an unparseable address occurs) is a bug (and exim
should try the next rule) or a feature (if a feature, it would be nice to see it
documented)?

jgh_ on #exim suggests that this is a feature.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Exim server maillog is flooded by spam attempts?

2016-07-13 Thread Gót András

Hi,

Check the mysql_smtp_login part. That account might have been 
compromised; change the password asap imho. You may also notify your 
users to periodically change their password and keep their emailing 
devices up-to-date.


Andras

On 2016-07-13 06:07, Flan AlFlani wrote:

My log is flooded with those spam attempts and I wonder if there is an
ACL that can stop those attempts.

maillog (this is just a sample, my log will be over 1000 lines in an 
hour)



Re: [exim] Exim server maillog is flooded by spam attempts?

2016-07-13 Thread Chris Siebenmann
> My log is flooded with those spam attempts and I wonder if there is an
> ACL that can stop those attempts.

If these are compromised accounts that are leading to you being used
to send/relay spam to other people, you should look at submission
ratelimits. A typical acl_smtp_rcpt ACL stanza might be:

defer
ratelimit = 200 / 60m / per_addr / $authenticated_id
delay = 10s
message = Sending too fast, try again later.

Then you have to watch your logs to determine compromised accounts and
fix them. It might be possible to automatically lock out accounts that
trigger ratelimiting, but you'd probably have to build this yourself
as I suspect no one has a canned recipe for it.

(It's definitely possible; Exim is very powerful and flexible. Expect
to have to read the Exim documentation carefully, and understand that
you're basically writing a little program.)

- cks
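One way to do the log-watching Chris describes, as an added example that is not part of the thread: a Python script that parses Exim main-log arrival ("<=") lines and applies the same 200 / 60m / per_addr / $authenticated_id rule offline, reporting accounts that exceed it. The log lines are constructed with placeholder addresses and IPs; the regexes assume the default main-log field layout plus the received_recipients log selector (the " for rcpt ..." tail).

```python
"""Offline analogue of the ratelimit ACL above: parse Exim main-log "<="
(message arrival) lines and report authenticated ids whose distinct
recipients in any 60-minute window exceed a per_addr-style limit.
Added example, not code from the thread; SAMPLE_LOG is constructed in
Exim's log format with placeholder addresses and IPs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "<timestamp> [<pid>] <message-id> <= <envelope sender> ..."
ARRIVAL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\[\d+\] )?\S+ <= ")
# "H=<host> (<helo>) [<client ip>]:<port>"; the HELO part is optional
CLIENT_RE = re.compile(r"\bH=\S+(?: \([^)]*\))? \[(?P<ip>[^\]]+)\]")
# "A=<authenticator>:<authenticated id>" marks an authenticated submission
AUTH_RE = re.compile(r"\bA=\w+:(?P<id>\S+)")
# Envelope recipients follow the last " for "; [^"]+$ stops a " for "
# inside the quoted T="subject" from matching
RCPTS_RE = re.compile(r' for (?P<rcpts>[^"]+)$')


def parse_arrival(line):
    """(timestamp, auth_id, client_ip, [recipients]) for an authenticated
    "<=" line; None for deliveries, unauthenticated mail, other entries."""
    m, a = ARRIVAL_RE.match(line), AUTH_RE.search(line)
    if not (m and a):
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    c, r = CLIENT_RE.search(line), RCPTS_RE.search(line)
    rcpts = r.group("rcpts").split() if r else []
    return ts, a.group("id"), (c.group("ip") if c else None), rcpts


def rate_offenders(lines, limit=200, window=timedelta(minutes=60)):
    """Like 'ratelimit = 200 / 60m / per_addr / $authenticated_id' run over
    a log file: per authenticated id, the peak count of distinct recipients
    inside any sliding window.  Returns {auth_id: (peak, distinct_client_ips)}
    for ids over the limit; many client IPs for one id is a second hint
    that the credential rather than the user is sending."""
    events = defaultdict(list)          # auth_id -> [(ts, rcpts, ip)]
    for line in lines:
        parsed = parse_arrival(line)
        if parsed:
            ts, auth_id, ip, rcpts = parsed
            events[auth_id].append((ts, rcpts, ip))
    offenders = {}
    for auth_id, evs in events.items():
        evs.sort(key=lambda e: e[0])
        peak = 0
        for i, (start, _, _) in enumerate(evs):
            seen = set()
            for ts, rcpts, _ in evs[i:]:
                if ts - start > window:
                    break
                seen.update(r.lower() for r in rcpts)
            peak = max(peak, len(seen))
        if peak > limit:
            offenders[auth_id] = (peak, len({ip for _, _, ip in evs if ip}))
    return offenders


# Constructed sample: alice submits twice from two client IPs to four
# distinct recipients; bob once; then an unauthenticated inbound message
# and a delivery ("=>") line, both of which must be ignored.
SAMPLE_LOG = """\
2016-07-09 22:00:32 [2252] 1bM4ys-0001aK-QP <= alice@example.net H=client.example.net (pc.example) [203.0.113.5]:41053 I=[10.0.1.1]:465 P=esmtpsa X=TLS1.2:AES256-GCM-SHA384:256 CV=no A=login:alice@example.net S=5167 T="nouvelles" from <alice@example.net> for r1@example.org r2@example.org r3@example.org
2016-07-09 22:10:00 [2260] 1bM4z2-0001aK-1R <= alice@example.net H=other.example.net [198.51.100.7]:5120 I=[10.0.1.1]:465 P=esmtpsa A=login:alice@example.net S=5002 T="offer for you" for R3@example.org r4@example.org
2016-07-09 22:20:00 [2270] 1bM4zz-0001aK-2S <= bob@example.net H=home.example.net [192.0.2.9]:6000 I=[10.0.1.1]:465 P=esmtpsa A=login:bob@example.net S=900 T="lunch" for carol@example.org
2016-07-09 22:21:00 [2280] 1bM500-0001aK-3T <= sender@example.com H=mx.example.com [192.0.2.20]:33000 I=[10.0.1.1]:25 P=esmtps S=1200 for bob@example.net
2016-07-09 22:21:05 [2290] 1bM4ys-0001aK-QP => r1@example.org F=<alice@example.net> R=dnslookup T=remote_smtp S=4156
""".splitlines()

if __name__ == "__main__":
    # The 200/60m default is never reached by the sample; 3/60m flags alice
    for who, (peak, ips) in rate_offenders(SAMPLE_LOG, limit=3).items():
        print(f"{who}: {peak} distinct recipients in 60m from {ips} client IPs")
```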


Re: [exim] Exim server maillog is flooded by spam attempts?

2016-07-13 Thread Renaud Allard
Hello,

I don't see anything really surprising. If mails sent by
faisal.alaz...@aldimna.com are spam, then his account may have been
compromised or he might have some malware on his computer.

If you are talking about mails sent to yhk...@tm.net.my, you will need
to check from where they are sent first.

Regards

On 07/13/2016 06:07 AM, Flan AlFlani wrote:
> My log is flooded with those spam attempts and I wonder if there is an ACL that can 
> stop those attempts.
> 
> maillog (this is just a sample, my log will be over 1000 lines in an hour)

Re: [exim] Exim server maillog is flooded by spam attempts?

2016-07-13 Thread kuncho pencho
Hi,

Could you post your ACLs?

Best Regards.

> Original message
>From: Flan AlFlani solo9...@hotmail.com
>Subject: Re: [exim] Exim server maillog is flooded by spam attempts?
>To: kuncho pencho
>Sent on: 13.07.2016 15:52

hello kuncho pencho,

I do use a blacklist but somehow the spam seems to come back with a
different email and Host.

2016-07-13 07:41:58 [9900] 1bNJTx-0002Zd-1P => i...@laendledeal.at F=  P= 
R=dnslookup T=remote_smtp S=3925 H=mhmxha.tele.net [194.183.128.88]:25 C="250 
2.0.0 u6DCgNFs032212 Message accepted for delivery" QT=17s DT=4s
Sincerely,

From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 9:45 AM
To: exim-users@exim.org
Subject: Re: [exim] Exim server maillog is flooded by spam attempts?

Hi,

Do you use any blacklist? If not, make one. Something like this:

https://www.tekovic.com/exim-acl-for-blocking-certain-senders

Best Regards.
> Original message
>From: Flan AlFlani solo9...@hotmail.com
>Subject: [exim] Exim server maillog is flooded by spam attempts?
>To: "exim-users@exim.org"
>Sent on: 13.07.2016 07:07

My log is flooded with those spam attempts and I wonder if there is an ACL that can 
stop those attempts.

maillog (this is just a sample, my log will be over 1000 lines in an hour)

Re: [exim] Exim server maillog is flooded by spam attempts?

2016-07-13 Thread kuncho pencho
Hi,

Do you use any blacklist? If not, make one. Something like this:

https://www.tekovic.com/exim-acl-for-blocking-certain-senders

Best Regards.
> Original message
>From: Flan AlFlani solo9...@hotmail.com
>Subject: [exim] Exim server maillog is flooded by spam attempts?
>To: "exim-users@exim.org"
>Sent on: 13.07.2016 07:07


My log is flooded with those spam attempts and I wonder if there is an ACL that can 
stop those attempts.

maillog (this is just a sample, my log will be over 1000 lines in an hour)




[exim] Exim server maillog is flooded by spam attempts?

2016-07-13 Thread Flan AlFlani
My log is flooded with those spam attempts and I wonder if there is an ACL that can 
stop those attempts.

maillog (this is just a sample, my log will be over 1000 lines in an hour)

2016-07-09 22:00:32 [2252] 1bM4ys-aK-QP 
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 
I=[10.0.1.1]:465 Warning: DEBUG  load_avgx1000: 40  spam_score: 3.2  
message_size: 3497
2016-07-09 22:00:32 [2252] 1bM4ys-aK-QP <= faisal.alaz...@aldimna.com 
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 
I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no 
A=login:faisal.alaz...@aldimna.com S=5167 
id=b8dcc2ec$88e3d824$09deabe2$@yahoo.com T="nouvelles" from 
 for siew3...@yahoo.com kammari.mur...@gmail.com 
kan...@yahoo.com karenyesu...@yahoo.com kerct1...@yahoo.com
2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 
1bM4ys-aK-QP
2016-07-09 22:00:34 [2401] 1bM4ys-aK-QP => kammari.mur...@gmail.com 
F= P= R=dnslookup 
T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 
2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP => siew3...@yahoo.com 
F= P= R=dnslookup 
T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information 
Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP -> kan...@yahoo.com 
F= P= R=dnslookup 
T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information 
Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP -> karenyesu...@yahoo.com 
F= P= R=dnslookup 
T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information 
Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP -> kerct1...@yahoo.com 
F= P= R=dnslookup 
T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information 
Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP Completed QT=9s

2016-07-09 22:00:41 [2252] 1bM4z2-aK-1R 
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 
I=[10.0.1.1]:465 Warning: DEBUG  load_avgx1000: 30  spam_score: 1.2  
message_size: 3405
2016-07-09 22:00:41 [2252] 1bM4z2-aK-1R <= faisal.alaz...@aldimna.com 
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 
I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no 
A=login:faisal.alaz...@aldimna.com S=5002 
id=7bfddeb3$b987df01$0586e10c$@yahoo.com T="c\342\200\231est si excitant" 
from  for florencek...@gmail.com 
sweet...@hotmail.com tic...@gmail.com yhk...@tm.net.my green...@yahoo.com
2016-07-09 22:00:41 [2444] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 
1bM4z2-aK-1R
2016-07-09 22:00:44 [2444] 1bM4z2-aK-1R => florencek...@gmail.com 
F= P= R=dnslookup 
T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 
2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:44 [2444] 1bM4z2-aK-1R -> tic...@gmail.com 
F= P= R=dnslookup 
T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 
X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no 
DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 
2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:46 [2444] 1bM4z2-aK-1R => sweet...@hotmail.com 
F= P= R=dnslookup 
T=remote_smtp S=4060 H=mx4.hotmail.com [65.55.37.104]:25 
X=UNKNOWN:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=*.hotmail.com" C="250  
<7bfddeb3$b987df01$0586e10c$@yahoo.com> Queued mail for delivery" QT=6s 
DT=4s
2016-07-09 22:00:51 [2444] 1bM4z2-aK-1R => green...@yahoo.com 
F=