Re: [Exim] Bizaare log entry

Top Page
Delete this message
Reply to this message
Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] Bizaare log entry
Hi Justin, on Mon, 18 Aug 2003 18:41:30 -0400 you wrote:

> My first question is the "U=root". I take it this means that the user
> 'root' tried to send this message from 218.13.251.100 ?


I *think* that's the RFC1413 ident, but as this isn't something I've
looked into in any great detail then someone might have to correct me :)

> My next question is the "was: 553 sorry, that domain isn't in my list >
> of.."


That's qmail's version of "relaying denied".

Basically, it looks to me like you got an incoming message from:

IP: 218.13.251.100
Envelope from: sales@???
Ident: root

Your Exim process then did a callout to their MX (218.102.48.123).
Presumably cnfax.com are either spammers, and/or have misconfigured DNS,
and/or 218.102.24.123 is a misconfigured MX which thinks it isn't an MX
for their domain. Therefore 218.102.48.123 said "sorry, don't know that
domain [cnfax.com]".


The key line here is Exim's fairly verbose statement which is easier to
read if you break it down a bit:

> sender verify fail

(the envelope sender couldn't be verified)

> for <sales@cn fax.com>

(this is the envelope sender)

> response to "RCPT TO:<sales@???>"

(this is the callout command sent by Exim)

> from mail.netvigator.com [218.102.48.123]

(this is the host receiving the callout)

> was:

(what follows is why the envelope sender couldn't be verified)

> 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

(this is what the host receiving the callout said)


Tim