Daniel W. wrote:
>
> hello.
>
> I recently discovered my box is under heavy load and investigated a
> bit. A "ps ax" showed me quite a lot exim processes. A closer look at
> the "mainlog" logfile showed me lines like the following ones:
>
> .......................................................................
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 <= <> H=mc2-s12.law16.hotmail.com
> [65.54.237.61] P=esmtp S=9739 id=3OCcSkpLi00001d3e@???
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 => epico <nobody@???>
> D=localuser T=local_delivery
>
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 Completed
> 2002-09-25 11:48:17 17u8mF-0004uQ-00 <= Mailer-Daemon@???
> H=email.niagarac.on.ca [192.197.62.37] P=smtp S=3152
> id=sd913fa4.085@???
> 2002-09-25 11:48:17 17u8mF-0004uQ-00 => epico <nobody@???>
> D=localuser T=local_delivery
> 2002-09-25 11:48:17 17u8mF-0004uQ-00 Completed
> .......................................................................
>
> Believing I was an open relay for everyone I purged exim and
> re-installed it. This time I used the config file taken of the
> examples archive. (i used the debian one before) I changed hardly
> anything...but..still getting these messages in my mainlog file.
> Am I an open relay?!
>
> exim version: 3.35-1
> os: debian gnu/linux woody
> exim is running as user/grou mail/mail.
> epico is a local user. just mentioning this because I wonder what
> "epico <nobody@???>" means. I guess nothing good :-/
> I'm on dialup. narf.ninth.biz therefore points to a dynamic ip.
> (ddns service @ www.changeip.com)
> All I want to do is receiving and sending mail :-/
You just receive LOCAL mails, being delivered to an LOCAL account, this
isn't relaying, just local delivery ("D=localuser T=local_delivery").
the mails you receive are bounces, either somone is sending with your
mailaddress or you run some kind of vulnerable mailscript (formmail.pl?)
because your apache most probably run with uid nobody.
ciao
