On Thu, 2003-05-22 at 17:16, System wrote:
> Hello All,
>
> How do i block user1@??? from using my server for spamming ???
There is no evidence from the logs you have shown - which are incomplete
- that any mail is coming into or going out of your system. All the
deliveries are local on your machine:-
03-05-18 12:17:13 19HQqW-000421-00 => user1 <user1@???>
D=localuser T=local_delivery
which means your exim must recognised and handle email for
user1@???. The other messages appear to be user1 (which you
say is not a valid user *but* exim is seeing as a user id) sending out
to invalid addresses and getting a bounce back.
The log you sent was both too verbose and incomplete - you appear to
have just grepped out the user1 entries and not included the other more
useful surrounding lines.
You appear to either have a user on your machine (attempting to) send
mail out, or you have something like a broken web form allowing mail to
be attempted to be sent out, or you have a hideously broken exim config,
or your machine has been hacked.
In any case you have given insufficient information for anyone to give
you any reasonable help.
The inject lines:-
2003-05-18 12:16:44 19HQq4-00041e-00 <= user1@???
U=user1 P=local S=1496
are definitely local rather than SMTP. You need to work out where thats
coming from.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
