On 2002-05-02 at 01:34 -0400, Tomasz Kosinski wrote:
> However, once I have
> exiwhat reporting no process, and I mail a test message (to myself at
> this domain) it just sits on the queue for, now, 20+ minutes, and when I
> try to move it manually with "exim -M 1738cU-0000nF-00", it just hangs
> for several minutes, until I kill the process, so I wanted to try to
> remove the hints db as you suggest, but I am sorry to say I can't
> determine which file that is. "Locate hint" turns up nothing that looks
> right. Is it one of the following:
>
> /var/spool/exim/db:
> used 48 available 2268152
> drwxr-x--- 2 mail mail 4096 Sep 25 2001 .
> drwxr-x--- 5 mail mail 4096 May 2 00:54 ..
> -rw-r----- 1 mail mail 20480 May 2 00:23 retry
> -rw-r----- 1 mail mail 0 Sep 24 2001 retry.lockfile
> -rw-r----- 1 mail mail 20480 May 2 00:55 wait-remote_smtp
> -rw-r----- 1 mail mail 0 Sep 25 2001 wait-remote_smtp.lockfile

Yes. Just remove those.

For the new message which is in the queue with message id $foo, what
does "exim -Mvl $foo" show?

What happens if you try "exim -d9 -M $foo"? (You might want to try
"exim -d9 -M $foo 2>&1 | tee fred" to capture the output)

If you type "exim -bpc", what number do you get back?

> Sorry to be so literal, but I don't really know what I am doing and I
> want to avoid making things worse, if possible.
Sensible.
> From my exim.conf:
>
> #relay_domains =
>
> host_accept_relay = localhost
>
> Are these the appropriate settings to try to avoid this kind of problem?

That depends. Do you have anything _else_ on the machine which might
generate email? E.g., another MTA? Or a webserver with a vulnerable
formmail.pl? Because they'll submit the mail locally. And yes,
spammers are actively exploiting holes in widely-used CGI scripts such
as the FormMail.pl from Matt's Script Archive.

For one of the spam message ids, if you grep the mainlog, how was it
accepted? Where did it come from?
--
Just remember, violence is the last resort of the incompetent.
The rest of us don't wait until it's the only option. -- R
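
The mainlog check asked for above, as an added example that is not part of the original message: it reads Exim arrival ("<=") lines and reports whether each message came in over SMTP from another host (H= and an address in brackets) or was injected on the machine itself by a local account (U= with no H=), which is how mail from a CGI script would show up. The log lines, message ids, hosts and account names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Exim main log style; ids, hosts and accounts are invented.
SAMPLE_MAINLOG = """\
2002-05-02 00:21:07 1738aA-0000mK-00 <= nobody@example.org U=www-data P=local S=2210
2002-05-02 00:21:09 1738aA-0000mK-00 => rcpt1@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2002-05-02 00:22:40 1738bB-0000mP-00 <= sender@example.com H=(mail) [203.0.113.7] P=smtp S=1874
2002-05-02 00:23:15 1738cC-0000mZ-00 <= tomasz@example.org U=tomasz P=local S=412
2002-05-02 00:23:59 1738dD-0000nQ-00 <= nobody@example.org U=www-data P=local S=2198
"""

# An arrival line is "<date> <time> <message-id> <= <envelope-sender> <fields...>".
ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+)(.*)$")

def parse_arrival(line):
    """Return how one message was accepted, or None for non-arrival lines."""
    m = ARRIVAL.match(line)
    if m is None:
        return None
    when, msgid, sender, rest = m.groups()
    fields = dict(re.findall(r"\b([A-Z])=(\S+)", rest))
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
    if "H" in fields:
        # H= present: received over SMTP from another host.
        origin, source = "remote", ip.group(1) if ip else fields["H"]
    else:
        # No H=: injected on this machine; U= is the submitting local account.
        origin, source = "local", fields.get("U", "unknown")
    return {"when": when, "id": msgid, "sender": sender,
            "origin": origin, "source": source, "proto": fields.get("P")}

def arrivals(log_text):
    return [r for r in map(parse_arrival, log_text.splitlines()) if r]

def how_accepted(log_text, msgid):
    """Arrival record for one message id, or None if it is not in the log."""
    return next((r for r in arrivals(log_text) if r["id"] == msgid), None)

def summarize(log_text):
    """Count accepted messages per (origin, source) to spot the injection path."""
    return Counter((r["origin"], r["source"]) for r in arrivals(log_text))

if __name__ == "__main__":
    for (origin, source), n in summarize(SAMPLE_MAINLOG).most_common():
        print(f"{n:3d}  {origin:6s}  {source}")
```

A local account such as the web server's user dominating the summary points at a script on the machine rather than at the relay settings.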