[Exim] Message Frozen issue

Author: Marc Wilkinson
Date:  
To: exim-users
Subject: [Exim] Message Frozen issue
Hi
I am beginning to pull my hair out here, I am still pretty new at EXIM and I am suffering from MASSES of "message frozen" responses.

The issue seems to be when a message is returned to my domain, to a user that doesn't exist.

Now, I am not yet sure WHY the messages are coming back to me - whether it is faked FROM by a spammer, or somebody careless joined a mailing list using a fake email address, that happens to be in my domain - OR - my fear that I am actually OPEN as a relay and being used.

Either way, there are lots of them, and I am struggling to see how I can prevent them, and how I can reduce the load on my server and link.

I am guessing that exim can do something like Original From != From != HELO domain... but I don't think that is sufficient. Ideally I'd like to block these at the SMTP handshake stage. Or am I just going to have to get used to them?

My theory goes along the lines that if I can make an expression out of these bits I might be able to block it... but since part of this is the original included message it may not help
"Received: from navys.com (ool-44c2914b.dyn.optonline.net [68.194.145.75])
by mta9.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HM0008U2LNQK3@???>; Tue,
30 Sep 2003 02:50:22 -0400 (EDT)
Date: Tue, 30 Sep 2003 06:50:20 +0000
From: "Dayle F. Hoehn" <dayle.hoehnkr@???>
Subject: Latest review is available
To: peirced74@???, peirced79@???, peirced87@???"


thanks in advance
<m.>

Redhat 8
Exim 4.24
Spam Assassin 2.55


Sample message;


1A4IQA-0005gW-GN-D
This is a MIME-encapsulated message
--GAC02849.1064918502/rly-xc05.mx.aol.com
The original message was received at Tue, 30 Sep 2003 06:41:35 -0400 (EDT)
from mta9.srv.hcvlny.cv.net [167.206.5.42]

*** ATTENTION ***
Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail
administrator.
--AOL Postmaster


----- The following addresses had permanent fatal errors -----
<peirced74@???>
<peirced79@???>
<peirced87@???>
----- Transcript of session follows -----
... while talking to air-xc02.mail.aol.com.:
>>> RCPT To:<peirced87@???>

<<< 550 MAILBOX NOT FOUND
550 <peirced87@???>... User unknown
>>> RCPT To:<peirced79@???>

<<< 550 MAILBOX NOT FOUND
550 <peirced79@???>... User unknown
>>> RCPT To:<peirced74@???>

<<< 550 MAILBOX NOT FOUND
550 <peirced74@???>... User unknown

--GAC02849.1064918502/rly-xc05.mx.aol.com
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-xc05.mx.aol.com
Arrival-Date: Tue, 30 Sep 2003 06:41:35 -0400 (EDT)
Final-Recipient: RFC822; peirced74@???
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-xc02.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Tue, 30 Sep 2003 06:41:42 -0400 (EDT)
Final-Recipient: RFC822; peirced79@???
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-xc02.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Tue, 30 Sep 2003 06:41:42 -0400 (EDT)
Final-Recipient: RFC822; peirced87@???
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-xc02.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Tue, 30 Sep 2003 06:41:42 -0400 (EDT)

--GAC02849.1064918502/rly-xc05.mx.aol.com
Content-Type: text/rfc822-headers

Received: from mta9.srv.hcvlny.cv.net (mta9.srv.hcvlny.cv.net [167.206.5.42]) by rly-xc05.mx.aol.com (v96.8) with ESMTP id MAILRELAYINXC57-ed3f795ddf222; Tue, 30 Sep 2003 06:41:35 -0400
Received: from navys.com (ool-44c2914b.dyn.optonline.net [68.194.145.75])
by mta9.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HM0008U2LNQK3@???>; Tue,
30 Sep 2003 02:50:22 -0400 (EDT)
Date: Tue, 30 Sep 2003 06:50:20 +0000
From: "Dayle F. Hoehn" <dayle.hoehnkr@???>
Subject: Latest review is available
To: peirced74@???, peirced79@???, peirced87@???
Message-id: <fcb501c3871f$a4b03ecd$353e4825@zab3b11>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-type: multipart/alternative;
boundary="Boundary_(ID_EtfdaPszVKIocHhb5j0bsg)"
X-Priority: 3
X-MSMail-priority: Normal
X-AOL-IP: 167.206.5.42
X-AOL-SCOLL-SCORE: 1:XXX:XX
X-AOL-SCOLL-URL_COUNT: 2


--GAC02849.1064918502/rly-xc05.mx.aol.com--

1A4IQA-0005gW-GN-H

root 0 0
<>
1064920318 0
-helo_name omr-m08.mx.aol.com
-host_address 64.12.138.20.54350
-host_name omr-m08.mx.aol.com
-interface_address 217.206.44.68.25
-received_protocol esmtp
-body_linecount 99
-frozen 1064920352
XX
1
dayle.hoehnkr@???
186P Received: from omr-m08.mx.aol.com ([64.12.138.20]:54350)
by mail.bias.com with esmtp (mixE 4.24 #5 )
id 1A4IQA-0005gW-GN
for <dayle.hoehnkr@???>; Tue, 30 Sep 2003 12:11:58 +0100
176P Received: from rly-xc05.mx.aol.com (rly-xc05.mail.aol.com [172.20.105.138]) by omr-m08.mx.aol.com (v95.1) with ESMTP id RELAYIN2-33f795de6294; Tue, 30 Sep 2003 06:41:42 -0400
158P Received: from localhost (localhost)
by rly-xc05.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
with internal id GAC02849;
Tue, 30 Sep 2003 06:41:42 -0400 (EDT)
044 Date: Tue, 30 Sep 2003 06:41:42 -0400 (EDT)
054F From: Mail Delivery Subsystem <MAILER-DAEMON@???>
056I Message-Id: <200309301041.GAC02849@???>
029T To: <dayle.hoehnkr@???>
018 MIME-Version: 1.0
113* Content-Type: multipart/report; report-type=delivery-status;
boundary="GAC02849.1064918502/rly-xc05.mx.aol.com"
037* Subject: Returned mail: User unknown
041 Auto-Submitted: auto-generated (failure)
025 X-AOL-IP: 172.20.105.138
022 X-SA-Exim-Mail-From:
113 Content-Type: multipart/report; report-type=delivery-status;
boundary="GAC02849.1064918502/rly-xc05.mx.aol.com"
037 Subject: Returned mail: User unknown
165 X-Spam-Status: No, hits=3.2 required=5.0
tests=FAILURE_NOTICE_1,FAILURE_NOTICE_2,MAILTO_TO_SPAM_ADDR,
RCVD_IN_OSIRUSOFT_COM,X_OSIRU_OPEN_RELAY
version=2.55
018 X-Spam-Level: ***
070 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
060 X-SA-Exim-Version: 3.1 (built Tue Sep 23 15:55:33 BST 2003)
023 X-SA-Exim-Scanned: Yes
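
An added example, not part of the original post: a small parser for the Exim 4 `-H` spool layout shown in the dump above, used to confirm that a queued message is a frozen bounce (null envelope sender `<>`) addressed to a local address that does not exist. Such a message can be neither delivered nor bounced, which is why it sits frozen. The sample data, `example.org` and the local user list are constructed placeholders, and only the empty non-recipients tree (`XX`) is handled.

```python
# SAMPLE_H is constructed (placeholder id, hosts and addresses), not a real message.
SAMPLE_H = """\
1AbCdE-000123-4F-H
root 0 0
<>
1064920318 0
-helo_name mx.remote.example
-host_address 192.0.2.20.54350
-frozen 1064920352
XX
1
no.such.user@example.org

044  Date: Tue, 30 Sep 2003 06:41:42 -0400 (EDT)
037* Subject: Returned mail: User unknown
041  Auto-Submitted: auto-generated (failure)
"""

def parse_spool_header(text):
    lines = text.split("\n")
    msg = {"id": lines[0][:-2],                 # strip the "-H" suffix
           "sender": lines[2].strip()[1:-1],    # "<>" -> "" (null sender = bounce)
           "received": int(lines[3].split()[0]),
           "opts": {}, "rcpts": [], "headers": []}
    i = 4
    while lines[i].startswith("-"):             # "-name value" option lines
        name, _, value = lines[i][1:].partition(" ")
        msg["opts"][name] = value
        i += 1
    if lines[i] != "XX":                        # only the empty non-recipients tree is handled
        raise ValueError("non-empty non-recipients tree not supported")
    count = int(lines[i + 1])
    msg["rcpts"] = [l.strip() for l in lines[i + 2:i + 2 + count]]
    rest = "\n".join(lines[i + 3 + count:])     # skip the blank separator line
    pos = 0
    # Each header: 3-digit length, flag character, space, then <length> characters.
    while rest[pos:pos + 3].isdigit():
        length, flag = int(rest[pos:pos + 3]), rest[pos + 3]
        msg["headers"].append((flag, rest[pos + 5:pos + 5 + length].rstrip("\n")))
        pos += 5 + length
    return msg

def triage(msg, local_domains, local_users):
    """Report whether this is a frozen bounce and which recipients do not exist locally."""
    unknown = [r for r in msg["rcpts"]
               if r.rpartition("@")[2].lower() in local_domains
               and r.rpartition("@")[0].lower() not in local_users]
    return {"bounce": msg["sender"] == "", "frozen": "frozen" in msg["opts"],
            "unknown_rcpts": unknown}
```

When `triage` reports a bounce with unknown recipients, the message was accepted for an address that was never valid; Exim's `verify = recipient` ACL condition at RCPT time refuses such addresses during the SMTP dialogue instead of queueing them.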