Re: Interpreting rejectlog "recipients from..." entries.

Author: Dan Birchall
Date:  
To: exim-users
Subject: Re: Interpreting rejectlog "recipients from..." entries.
Nigel Metheringham wrote:
>
> djb@??? said:
> } sender_net_accept_relay = "204.249.49.0/204.249.50.0"
>                                           ^^^^^^^^^^^^
>
> This part should be a netmask

Ah yes, right. For some reason or other with 1.6x, I had some
difficulty getting the colon-separated list thing working (most
likely that I couldn't find the netmask info in the docs ;) and
wound up with that monstrosity, which I've now corrected to:

sender_net_accept_relay = "204.249.49.0/24:204.249.50.0/24"

Exim seems fairly happy with that.

I'm chastened, but also slightly amused at the concept of
having blocked such an absurd pattern of addresses. The ones
I'd gotten the host-reject on were as follows (with a count of
how many times they show up in the rejectlog).

2 131.158.20.10 (Uniformed Services U. of Health Sci.)
1 134.120.3.4 (General Dynamics)
51 194.205.21.100 (Intent Limited in the UK)
2 198.70.245.245 (Alascom)
2 204.127.131.35 (AT&T Worldnet)
2 204.137.220.12 (AGIS/Net99)
1 204.137.222.241 (AGIS/Net99)
1 204.137.222.242
1 204.137.222.243
1 204.137.222.244
1 204.137.222.250
1 204.137.223.241
1 204.168.125.4 (WNET TV 13)
1 204.202.136.155 (Starwave Corporation)
2 205.164.68.1 (AGIS/Net99)
1 205.164.68.2
1 205.186.245.9 (Rest Computer Systems)
3 205.216.200.10 (Fidelity Net)
1 206.161.225.17 (CAIS)
1 206.205.38.7 (Info Quest)
1 207.120.43.133 (PG&C Leasing)
1 207.121.208.68 (NHinternet)
1 207.53.125.39 (GridNet)
1 207.78.107.3 (Dow Jones)
1 208.196.143.34 (K&M International)
1 208.24.33.53 (Waller Creek Communications)
2 209.41.248.5 (Interactive Ink)
1 209.76.185.3 (DNG Solutions)

Philip had indicated he thought sender_host_reject_recipients
would be responsible; the /usr/exim/lists/spam_domains (which
is being partial-lsearched) is as follows:

*.cyberpromo.com
*.nevwest.com
*.iemmc.org
*.submitking.com
*.shoppingplanet.com
*.quantcom.com
*.savetrees.com
*.cybermirror1.com
*.enterprise.net

spam_networks, for its part, is somewhat longer. (Most of it,
I got from someone else):


There are some things getting rejected that don't seem to
match the spam_networks or spam_domains; should I trust Nigel
on this and presume that now that sender_net_accept_relay has
been repaired, things should be happier? I believe the logs
are about to get rotated (they're on a weekly schedule) so next
week I could quite conceivably start with a "clean slate" and
see how things go, comparing the total number of messages being
rejected against this week's counts, et cetera.

Thanks for the data, and especially to Nigel for pointing out
that mess in sender_net_accept_relay. (Not that I wanted anyone
on our .50 network to send mail anyway... pesky salesfolk! ;)

-Dan

--
Dan Birchall, Internet Systems Administrator - djb@???
16 Straight Communications, Mount Laurel, NJ - 888 4-16STR8 x 131

--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/
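
An added example, not part of the original message and not Exim code: a small Python lint for a colon-separated net/mask list like the sender_net_accept_relay value above, flagging anything after the slash that is not a contiguous netmask. The function names are hypothetical, and treating stray host bits as a problem is this lint's own choice rather than documented Exim behaviour.

```python
import ipaddress


def parse_mask(mask: str) -> int:
    """Return the prefix length for '24' or '255.255.255.0'; raise ValueError otherwise."""
    if mask.isdigit():
        prefix = int(mask)
        if not 0 <= prefix <= 32:
            raise ValueError(f"prefix length {prefix} out of range")
        return prefix
    bits = int(ipaddress.IPv4Address(mask))
    # A real netmask is a run of 1-bits followed only by 0-bits, so its
    # inverse must look like 0...01...1, i.e. (inverse + 1) is a power of two.
    inverse = bits ^ 0xFFFFFFFF
    if inverse & (inverse + 1):
        raise ValueError(f"{mask} is not a contiguous netmask (looks like an address)")
    return 32 - inverse.bit_length()


def lint_net_list(value: str):
    """Check each item of a colon-separated net/mask list.

    Returns a list of (item, problem) tuples; an empty list means clean.
    """
    problems = []
    for item in value.split(":"):
        item = item.strip()
        net, sep, mask = item.partition("/")
        if not sep:
            problems.append((item, "no mask given"))
            continue
        try:
            prefix = parse_mask(mask)
            addr = int(ipaddress.IPv4Address(net))
        except ValueError as exc:
            problems.append((item, str(exc)))
            continue
        # Assumption of this lint: a network address should have no host bits set.
        if addr & ((1 << (32 - prefix)) - 1):
            problems.append((item, f"host bits set for /{prefix}"))
    return problems


if __name__ == "__main__":
    # Both values are the ones quoted in the message above.
    for setting in ("204.249.49.0/204.249.50.0", "204.249.49.0/24:204.249.50.0/24"):
        print(setting, "->", lint_net_list(setting) or "ok")
```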