Re: [exim] Logging

Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] Logging
On Sat, 2009-07-25 at 17:22 +0200, Peter wrote:
> I was looking at my logs today, and I noticed a few IPs that had ~150
> tries, and got unexpected disconnection on all of them. These are more than
> likely spammers, not yet listed in Spamhaus, but no sending/receiver
> address was logged. I was wondering if it's possible to make some kind
> of debug log of the connection from these IPs, to see what they are up
> to :-)
>
>
> 2009-07-25 17:01:53 H=(swam.dounleet.com) [66.79.181.183] Warning:
> Passed Greylistning,
> 2009-07-25 17:02:43 H=(swam.dounleet.com) [66.79.181.183] Warning:
> Warning: X-blacklisted-at: blackholes.five-ten-sg.com
> 2009-07-25 17:02:43 unexpected disconnection while reading SMTP command
> from (swam.dounleet.com) [66.79.181.183]


Unless you have some strange log_selector settings, this means that the
remote end did one of the following:

HELO/EHLO -> disconnect
HELO/EHLO -> MAIL FROM -> disconnect

If you want to have all connections logged differently if they have
never received a MAIL FROM command, add +smtp_no_mail to your
log_selectors.

http://docs.exim.org/current/spec_html/ch49.html#SECTlogselector

Since that domain is listed on SURBL and the sending side couldn't
handle even a few seconds delay while you looked them up in a DNS
blacklist, I would say it's not a host worth worrying about.

--
The Exim manual - http://docs.exim.org
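
Added example (not part of the original message, and not Exim code): a Python script that tallies "unexpected disconnection" main-log lines of the kind quoted above per remote IP, with the HELO names each IP used and the first and last time it was seen. The function name, the threshold and the sample lines are assumptions; the sample lines are constructed in the format quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Main-log line as quoted in the thread; the sender part may be
# "[ip]", "(helo) [ip]" or "hostname (helo) [ip]".
DISCONNECT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"unexpected disconnection while reading SMTP command from "
    r"(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
)

def summarize(lines, threshold=3):
    """Return {ip: stats} for IPs with at least `threshold` disconnections."""
    stats = defaultdict(
        lambda: {"count": 0, "helos": set(), "first": None, "last": None})
    for line in lines:
        m = DISCONNECT.match(line)
        if not m:
            continue  # ACL warnings, deliveries, etc. are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        s = stats[m["ip"]]
        s["count"] += 1
        if m["helo"]:
            s["helos"].add(m["helo"])
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return {ip: s for ip, s in stats.items() if s["count"] >= threshold}

# Constructed sample log (timestamps and the 192.0.2.x / 198.51.100.x
# hosts are made up; each entry is one unwrapped log line).
_PFX = "unexpected disconnection while reading SMTP command from "
SAMPLE = [
    "2009-07-25 17:01:53 H=(swam.dounleet.com) [66.79.181.183] Warning: Passed Greylistning,",
    "2009-07-25 17:02:43 " + _PFX + "(swam.dounleet.com) [66.79.181.183]",
    "2009-07-25 17:04:10 " + _PFX + "(swam.dounleet.com) [66.79.181.183]",
    "2009-07-25 17:05:31 " + _PFX + "(swam.dounleet.com) [66.79.181.183]",
    "2009-07-25 17:06:02 " + _PFX + "[192.0.2.10]",
    "2009-07-25 17:07:15 " + _PFX + "mail.example.net (mx.example.net) [198.51.100.7]",
]

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(ip, s["count"], sorted(s["helos"]), s["first"], s["last"])
```

To run it over a real log, pass an open file object for the Exim main log to `summarize()` in place of `SAMPLE`.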