[exim] address rewriting when "yielded unparseable address: empty address in address" happens
Scenario:

  ^test@$primary_hostname   "$h_from:"   Ffs
  ^test@$primary_hostname   ""           Ffs

The first rule in some cases will return "yielded unparseable address: empty address in address", which is fine and expected. But exim will stop rewriting in such a case. It won't go to the next rule (which I wanted to be a fallback rule). And that's unexpected.

Docs ( http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html ) don't seem to mention anything about such a case, so I assumed the next rewrite rule would be applied.

For now I have a workaround for the problem:

  ^test@$primary_hostname   "${if !eq {${address:$h_from:}}{} {${address:$h_from:}}fail }"   Ffs
  ^test@$primary_hostname   " "   Ffs

When "fail" is returned then exim uses the next rule.

I wonder if that's (stopping when an unparseable address occurs) a bug (and exim should try the next rule) or a feature (if a feature, then it would be nice to see it documented)?

jgh_ on #exim suggests that this is a feature.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim server maillog is flooded by spam attempts?
Hi,

Check the mysql_smtp_login part. That account might have been compromised; change the password asap imho. You may also notify your users to periodically change their password and keep their emailing devices up-to-date.

Andras

On 2016-07-13 06:07, Flan AlFlani wrote:
> My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.
>
> maillog (this is just a sample, my log will be over a 1000 line in an hour)
Re: [exim] Exim server maillog is flooded by spam attempts?
> My log is flooded with those spam attempts and I wonder if there is an
> ACL that can stop those attempts.

If these are compromised accounts that are leading to you being used to send/relay spam to other people, you should look at submission ratelimits. A typical acl_smtp_rcpt ACL stanza might be:

  defer ratelimit = 200 / 60m / per_addr / $authenticated_id
        delay = 10s
        message = Sending too fast, try again later.

Then you have to watch your logs to determine compromised accounts and fix them. It might be possible to automatically lock out accounts that trigger ratelimiting, but you'd probably have to build this yourself as I suspect no one has a canned recipe for it. (It's definitely possible; Exim is very powerful and flexible. Expect to have to read the Exim documentation carefully, and understand that you're basically writing a little program.)

- cks
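As an added example (not code from the thread or from Exim), here is a Python script that does the log-watching cks describes: it parses Exim main-log `<=` lines, keys on the `A=login:` field (the `$authenticated_id` the ratelimit ACL above keys on) and approximates the per_addr rule offline with a 60-minute sliding window over unique recipients, run over constructed sample lines in the same format as the original post. Exim's real ratelimit uses a smoothed rate rather than a sliding window, and the threshold, accounts and addresses below are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Exim main-log "<=" (message received) lines, in the
# same shape as the lines posted in the thread; accounts, hosts and
# addresses are made up (documentation ranges), not taken from the post.
SAMPLE_LOG = """\
2016-07-09 22:00:32 [2252] 1bM4ys-aK-QP <= user1@example.com H=host-a.example.net (mua) [198.51.100.10]:41053 I=[10.0.1.1]:465 P=esmtpsa A=login:user1@example.com S=5167 id=a1@example.com T="nouvelles" from <user1@example.com> for r1@example.org r2@example.org r3@example.org
2016-07-09 22:00:41 [2252] 1bM4z2-aK-1R <= user1@example.com H=host-a.example.net (mua) [198.51.100.10]:41053 I=[10.0.1.1]:465 P=esmtpsa A=login:user1@example.com S=5002 id=a2@example.com T="offer" from <user1@example.com> for r4@example.org r5@example.org r6@example.org r2@example.org
2016-07-09 22:05:00 [2260] 1bM4zz-aK-2S <= user2@example.com H=host-b.example.net (mua) [203.0.113.7]:50001 I=[10.0.1.1]:465 P=esmtpsa A=login:user2@example.com S=1200 id=b1@example.com T="hello" from <user2@example.com> for friend@example.org
2016-07-09 22:05:01 [2261] 1bM4zz-aK-2S => friend@example.org F=<user2@example.com> P=<user2@example.com> R=dnslookup T=remote_smtp S=1300 H=mx.example.org [192.0.2.1]:25 C="250 OK" QT=1s DT=1s
2016-07-09 23:30:00 [2270] 1bM5aa-aK-3T <= user1@example.com H=host-c.example.net (mua) [192.0.2.55]:41000 I=[10.0.1.1]:465 P=esmtpsa A=login:user1@example.com S=5100 id=a3@example.com T="nouvelles" from <user1@example.com> for r7@example.org r8@example.org
"""

# Only "<=" lines carry the authenticated id (A=login:...) and the envelope
# recipient list ("for ..."); delivery lines ("=>", "->") do not match.
RECEIVED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[\d+\] (?P<msgid>\S+) <= \S+ "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+ "      # H=... [client ip]:port
    r".*?A=login:(?P<auth>\S+) "                # $authenticated_id in the ACL
    r".*?from <[^>]*> for (?P<rcpts>.+)$"       # envelope recipients
)


def parse_received(lines):
    """Yield (timestamp, auth_id, client_ip, [recipients]) per '<=' line."""
    for line in lines:
        m = RECEIVED_RE.match(line)
        if m is None:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        yield ts, m.group("auth"), m.group("ip"), m.group("rcpts").split()


def find_flooding_accounts(lines, max_addrs=5, window=timedelta(minutes=60)):
    """Approximate 'ratelimit = N / 60m / per_addr / $authenticated_id' offline:
    for each authenticated id, count unique recipient addresses inside any
    sliding window and flag ids whose peak exceeds max_addrs.
    Returns {auth_id: (peak_unique_recipients, sorted client ips)}."""
    per_acct = defaultdict(list)
    for ts, auth, ip, rcpts in sorted(parse_received(lines), key=lambda e: e[0]):
        per_acct[auth].append((ts, ip, rcpts))
    flagged = {}
    for auth, events in per_acct.items():
        peak = 0
        for i, (start, _, _) in enumerate(events):
            seen = set()
            for ts, _, rcpts in events[i:]:
                if ts - start > window:
                    break
                seen.update(rcpts)
            peak = max(peak, len(seen))
        if peak > max_addrs:
            # Several client IPs on one account within the window is a further
            # hint that the credentials, not just the mailbox, are in use elsewhere.
            flagged[auth] = (peak, sorted({ip for _, ip, _ in events}))
    return flagged


if __name__ == "__main__":
    for auth, (peak, ips) in find_flooding_accounts(SAMPLE_LOG.splitlines()).items():
        print(f"{auth}: {peak} unique recipients/hour from {', '.join(ips)}")
```

Run it against your real main log instead of SAMPLE_LOG and raise max_addrs to the limit you put in the ACL; accounts it flags are the ones to check and lock.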
Re: [exim] Exim server maillog is flooded by spam attempts?
Hello,

I don't see anything really surprising. If mails sent by faisal.alaz...@aldimna.com are spam, then his account may have been compromised or he might have some malware on his computer.

If you are talking about mails sent to yhk...@tm.net.my, you will need to check from where they are sent first.

Regards

On 07/13/2016 06:07 AM, Flan AlFlani wrote:
> My log is flooded with those spam attempts and I wonder if there is an ACL that can
> stop those attempts.
>
> maillog (this is just a sample, my log will be over a 1000 line in an hour)
Re: [exim] Exim server maillog is flooded by spam attempts?
Hi,

Could you post your acl's?

Best Regards.

> Original message
> From: Flan AlFlani solo9...@hotmail.com
> Subject: Re: [exim] Exim server maillog is flooded by spam attempts?
> To: kuncho pencho
> Sent on: 13.07.2016 15:52
>
> hello kuncho pencho,
>
> I do use a blacklist but somehow the spam seems to come back with a different email and host.
>
> 2016-07-13 07:41:58 [9900] 1bNJTx-0002Zd-1P => i...@laendledeal.at F= P= R=dnslookup T=remote_smtp S=3925 H=mhmxha.tele.net [194.183.128.88]:25 C="250 2.0.0 u6DCgNFs032212 Message accepted for delivery" QT=17s DT=4s
>
> Sincerely,
>
> From: Exim-users on behalf of kuncho pencho
> Sent: Wednesday, July 13, 2016 9:45 AM
> To: exim-users@exim.org
> Subject: Re: [exim] Exim server maillog is flooded by spam attempts?
>
> Hi,
>
> Do you use any blacklist? If not, make it. Something like that:
> https://www.tekovic.com/exim-acl-for-blocking-certain-senders
>
> Best Regards.
>
> > Original message
> > From: Flan AlFlani solo9...@hotmail.com
> > Subject: [exim] Exim server maillog is flooded by spam attempts?
> > To: "exim-users@exim.org"
> > Sent on: 13.07.2016 07:07
> >
> > My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.
> >
> > maillog (this is just a sample, my log will be over a 1000 line in an hour)
Re: [exim] Exim server maillog is flooded by spam attempts?
Hi,

Do you use any blacklist? If not, make it. Something like that:
https://www.tekovic.com/exim-acl-for-blocking-certain-senders

Best Regards.

> Original message
> From: Flan AlFlani solo9...@hotmail.com
> Subject: [exim] Exim server maillog is flooded by spam attempts?
> To: "exim-users@exim.org"
> Sent on: 13.07.2016 07:07
>
> My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.
>
> maillog (this is just a sample, my log will be over a 1000 line in an hour)
[exim] Exim server maillog is flooded by spam attempts?
My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.

maillog (this is just a sample, my log will be over a 1000 line in an hour)

2016-07-09 22:00:32 [2252] 1bM4ys-aK-QP H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG load_avgx1000: 40 spam_score: 3.2 message_size: 3497
2016-07-09 22:00:32 [2252] 1bM4ys-aK-QP <= faisal.alaz...@aldimna.com H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alaz...@aldimna.com S=5167 id=b8dcc2ec$88e3d824$09deabe2$@yahoo.com T="nouvelles" from <faisal.alaz...@aldimna.com> for siew3...@yahoo.com kammari.mur...@gmail.com kan...@yahoo.com karenyesu...@yahoo.com kerct1...@yahoo.com
2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4ys-aK-QP
2016-07-09 22:00:34 [2401] 1bM4ys-aK-QP => kammari.mur...@gmail.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP => siew3...@yahoo.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP -> kan...@yahoo.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP -> karenyesu...@yahoo.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP -> kerct1...@yahoo.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-aK-QP Completed QT=9s

2016-07-09 22:00:41 [2252] 1bM4z2-aK-1R H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG load_avgx1000: 30 spam_score: 1.2 message_size: 3405
2016-07-09 22:00:41 [2252] 1bM4z2-aK-1R <= faisal.alaz...@aldimna.com H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alaz...@aldimna.com S=5002 id=7bfddeb3$b987df01$0586e10c$@yahoo.com T="c\342\200\231est si excitant" from <faisal.alaz...@aldimna.com> for florencek...@gmail.com sweet...@hotmail.com tic...@gmail.com yhk...@tm.net.my green...@yahoo.com
2016-07-09 22:00:41 [2444] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4z2-aK-1R
2016-07-09 22:00:44 [2444] 1bM4z2-aK-1R => florencek...@gmail.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:44 [2444] 1bM4z2-aK-1R -> tic...@gmail.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:46 [2444] 1bM4z2-aK-1R => sweet...@hotmail.com F=<faisal.alaz...@aldimna.com> P=<faisal.alaz...@aldimna.com> R=dnslookup T=remote_smtp S=4060 H=mx4.hotmail.com [65.55.37.104]:25 X=UNKNOWN:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=*.hotmail.com" C="250 <7bfddeb3$b987df01$0586e10c$@yahoo.com> Queued mail for delivery" QT=6s DT=4s
2016-07-09 22:00:51 [2444] 1bM4z2-aK-1R => green...@yahoo.com F=