On Thu, Jan 03, 2002 at 09:17:53AM -0500, Joseph Kezar wrote:
> I'll tell you what I did now.
> Let me know if this is the correct way of finding the envelope-sender:
It is one correct way, yes. Of course it assumes the logs are readable.
The return_path should be the sender address too, but may also be <> for
a bounce.
> cat /var/log/exim_mainlog | grep 16M8YJ-0006ut-00 (messageid from a SPAM
> email)
> proves:
> 2002-01-03 09:09:05 16M8YJ-0006ut-00 <= opt-in@???
> H=(mx2.state.vt.us) [170.222.64.130] P=esmtp S=6091
> id=20020103135240.24285.qmail@???
>
> I am strongly guessing 'opt-in@???' is the
> envelope-sender.
In this case, yes. This line says that "Today, at 09:09:05, a message,
given queueid 16M8YJ-0006ut-00 was injected into the mail system by
'opt-in@???', over esmtp from a host which said
HELO as 'mx2.state.vt.us' but had no reverse lookup, and had an IP
address of 170.222.64.130. It was 6091 octets long, and had a Message-ID
header of '20020103135240.24285.qmail@???'."
> And this is the sender that needs to be added to my /usr/exim/rejectlist
> Am I correct?
Yes, although you may not see it again...

At this point, I'll plug http://colondot.net/mbm/mailfilter.shtml, which
has stuff on auto-blacklisting for bait addresses.

MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
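
An added example, not part of the original thread: a small parser for the Exim main-log arrival (`<=`) line read out field by field in the reply above, which also flags the `<>` bounce sender that should not go on a reject list. The log lines are constructed, with placeholder addresses, hosts and IPs; the function and field names are this example's own.

```python
import re

# Constructed sample of an Exim main log; addresses, hosts and IPs are placeholders.
SAMPLE_LOG = """\
2002-01-03 09:09:05 16M8YJ-0006ut-00 <= opt-in@example.test H=(mx2.example.test) [192.0.2.10] P=esmtp S=6091 id=20020103135240.24285.qmail@example.test
2002-01-03 09:09:06 16M8YJ-0006ut-00 => joe <joe@example.org> D=localuser T=local_delivery
2002-01-03 09:09:06 16M8YJ-0006ut-00 Completed
2002-01-03 09:12:40 16M8bX-0006vB-00 <= <> R=16M8YJ-0006ut-00 U=mail P=local S=7012
"""

# timestamp, queue id, "<=" (message arrival), envelope sender, remaining fields
ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+)(.*)$")
# H= may be "name (helo) [ip]", "(helo) [ip]" or "[ip]". Following the reply's
# reading, no name outside the parentheses means there was no reverse lookup.
HOST = re.compile(r"\bH=(?:([^\s(\[]+) )?(?:\(([^)]*)\) )?\[([^\]]+)\]")


def field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None


def find_arrival(log_text, queue_id):
    """Parse the arrival line logged for queue_id; None if there is none."""
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m or m.group(2) != queue_id:
            continue  # delivery ("=>"), "Completed", or another message
        when, _, sender, rest = m.groups()
        host = HOST.search(rest)
        rdns, helo, ip = host.groups() if host else (None, None, None)
        size = field(r"\bS=(\d+)", rest)
        return {
            "time": when,
            "envelope_sender": sender,
            "is_bounce": sender == "<>",  # null sender: nothing to reject-list
            "rdns_name": rdns,
            "helo": helo,
            "ip": ip,
            "protocol": field(r"\bP=(\S+)", rest),
            "size": int(size) if size else None,
            "message_id_header": field(r"\bid=(\S+)", rest),
        }
    return None


if __name__ == "__main__":
    for qid in ("16M8YJ-0006ut-00", "16M8bX-0006vB-00"):
        print(qid, find_arrival(SAMPLE_LOG, qid))
```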