Hi
I am beginning to pull my hair out here, I am still pretty new at EXIM and I am suffering from MASSES of "message frozen" responses.
The issue seems to be when a message is returned to my domain, to a user that doesn't exist.
Now, I am not yet sure WHY the messages are coming back to me - whether it is faked FROM by a spammer, or somebody careless joined a mailing list using a fake email address, that happens to be in my domain - OR - my fear that I am actually OPEN as a relay and being used.
Either way, there are lots of them, and I am struggling to see how I can prevent them, and how I can reduce the load on my server and link.
I am guessing that exim can do something like Original From != From != HELO domain... but I don't think that is sufficient. Ideally I'd like to block these at the SMTP handshake stage. Or am I just going to have to get used to them?
My theory goes along the lines that if I can make an expression out of these bits I might be able to block it... but since part of this is the original included message it may not help.
"Received: from navys.com (ool-44c2914b.dyn.optonline.net [68.194.145.75])
by mta9.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HM0008U2LNQK3@???>; Tue,
30 Sep 2003 02:50:22 -0400 (EDT)
Date: Tue, 30 Sep 2003 06:50:20 +0000
From: "Dayle F. Hoehn" <dayle.hoehnkr@???>
Subject: Latest review is available
To: peirced74@???, peirced79@???, peirced87@???"
Thanks in advance
<m.>
Redhat 8
Exim 4.24
Spam Assassin 2.55
Sample message;
1A4IQA-0005gW-GN-D
This is a MIME-encapsulated message
--GAC02849.1064918502/rly-xc05.mx.aol.com
The original message was received at Tue, 30 Sep 2003 06:41:35 -0400 (EDT)
from mta9.srv.hcvlny.cv.net [167.206.5.42]
*** ATTENTION ***
Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to your e-mail
administrator.
--AOL Postmaster
----- The following addresses had permanent fatal errors -----
<peirced74@???>
<peirced79@???>
<peirced87@???>
----- Transcript of session follows -----
... while talking to air-xc02.mail.aol.com.:
>>> RCPT To:<peirced87@???>
<<< 550 MAILBOX NOT FOUND
550 <peirced87@???>... User unknown
>>> RCPT To:<peirced79@???>
<<< 550 MAILBOX NOT FOUND
550 <peirced79@???>... User unknown
>>> RCPT To:<peirced74@???>
<<< 550 MAILBOX NOT FOUND
550 <peirced74@???>... User unknown
Received: from mta9.srv.hcvlny.cv.net (mta9.srv.hcvlny.cv.net [167.206.5.42]) by rly-xc05.mx.aol.com (v96.8) with ESMTP id MAILRELAYINXC57-ed3f795ddf222; Tue, 30 Sep 2003 06:41:35 -0400
Received: from navys.com (ool-44c2914b.dyn.optonline.net [68.194.145.75])
by mta9.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HM0008U2LNQK3@???>; Tue,
30 Sep 2003 02:50:22 -0400 (EDT)
Date: Tue, 30 Sep 2003 06:50:20 +0000
From: "Dayle F. Hoehn" <dayle.hoehnkr@???>
Subject: Latest review is available
To: peirced74@???, peirced79@???, peirced87@???
Message-id: <fcb501c3871f$a4b03ecd$353e4825@zab3b11>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-type: multipart/alternative;
boundary="Boundary_(ID_EtfdaPszVKIocHhb5j0bsg)"
X-Priority: 3
X-MSMail-priority: Normal
X-AOL-IP: 167.206.5.42
X-AOL-SCOLL-SCORE: 1:XXX:XX
X-AOL-SCOLL-URL_COUNT: 2
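
The question raised in the post (forged sender versus open relay) can be checked from the Received chain that a bounce returns. The following is an added example, not part of the original message: `received_hops`, `classify_bounce`, `mail.example.org` and `192.0.2.25` are hypothetical names and placeholder values, and the sample text is constructed from the headers quoted above.

```python
import re

# Constructed sample: tail of a bounce carrying the original message's headers,
# modelled on the Received chain quoted in the post (elided ids left out).
SAMPLE_BOUNCE = """\
----- Transcript of session follows -----
550 MAILBOX NOT FOUND

Received: from mta9.srv.hcvlny.cv.net (mta9.srv.hcvlny.cv.net [167.206.5.42])
 by rly-xc05.mx.aol.com (v96.8) with ESMTP; Tue, 30 Sep 2003 06:41:35 -0400
Received: from navys.com (ool-44c2914b.dyn.optonline.net [68.194.145.75])
 by mta9.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
 with ESMTP; Tue, 30 Sep 2003 02:50:22 -0400 (EDT)
Subject: Latest review is available
"""

HOP_RE = re.compile(
    r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)", re.I)

def received_hops(text):
    """Return (helo, rdns, ip, by_host) per Received header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", text)  # join folded header lines
    hops = []
    for value in re.findall(r"^Received:\s*(.*)$", unfolded, re.I | re.M):
        m = HOP_RE.search(value)
        if m:
            hops.append(tuple(g.lower() for g in m.groups()))
    return hops

def classify_bounce(text, my_hosts, my_ips):
    """'relayed-by-us' if any hop names our server, else 'forged-sender'."""
    hosts = {h.lower() for h in my_hosts}
    hops = received_hops(text)
    if not hops:
        return "no-received-headers"
    for _helo, rdns, ip, by_host in hops:
        # The HELO name is chosen by the client, so it is not compared.
        # by_host accepted the hop; rdns/ip describe the client it saw.
        if by_host in hosts or rdns in hosts or ip in my_ips:
            return "relayed-by-us"
    return "forged-sender"

if __name__ == "__main__":
    # Placeholder identity for the local server (assumption, not from the post).
    print(classify_bounce(SAMPLE_BOUNCE, {"mail.example.org"}, {"192.0.2.25"}))
```

A "forged-sender" result only says the returned headers show no hop through the listed hosts; the server's own logs remain the authority on whether it relayed the message.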