Author: Peter Bowyer Date: To: Exim-Users (E-mail) Subject: Re: [Exim] Log info
Ron McKeating wrote:
> Perhaps if someone could confirm my interpretation of this log entry I
> would be grateful.
>
> 2003-10-29 11:57:21 H=(student.lboro.ac.uk) [195.14.168.188] sender
> verify fail for <i.bicnerstaff-97@???>: Unrouteable
> address
> 2003-10-29 11:57:21 H=(student.lboro.ac.uk) [195.14.168.188]
> F=<i.bicnerstaff-97@???> rejected RCPT
> <i.bicnerstaff-97@???>: Sender verify failed
>
If you had the recipient logged, you'd probably see that this was an attempt
to spam i.bicnerstaff-97 using that person's own address as a MAIL FROM:
envelope sender - in an assumption that if that address is deliverable then
even if you do sender verification, you'll still deliver it. It doesn't
exist, so you dropped the mail at sender verification - good.

The H=() part is what the sending server sent in the HELO - a common spammer
trick to try to bypass some checking your end is to HELO with either your
host name, your domain name or your server IP. None of which actually defeat
any checking that I know of - in fact, many use this as a positive
indication of spam, and drop the mail in the HELO acl.
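
The two patterns described in the message above (a HELO that claims to be the receiving host, and an envelope sender identical to the recipient) can be picked out of an Exim reject log with a short script. This is an added example, not part of the original message: the local names and IP in `LOCAL_NAMES` and `LOCAL_IPS` are assumed values, and the log lines are constructed samples modelled on the quoted entries.

```python
import re

# Assumed identity of the receiving server (constructed values, not from the thread).
LOCAL_NAMES = {"mail.example.org", "example.org"}
LOCAL_IPS = {"192.0.2.25"}

# Matches Exim "rejected RCPT" lines; H=(name) is the HELO/EHLO argument as sent.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]\S* "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$"
)

def classify(line):
    """Return (fields, flags) for a rejected-RCPT line, or None if it does not match."""
    m = REJECT_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    flags = []
    helo = f["helo"].strip("[]").lower().rstrip(".")
    # HELO claims to be us, but the connection comes from a foreign address.
    if (helo in LOCAL_NAMES or helo in LOCAL_IPS) and f["ip"] not in LOCAL_IPS:
        flags.append("helo-impersonates-local-host")
    # Envelope sender equals the recipient: the self-addressed pattern.
    if f["sender"] and f["sender"].lower() == f["rcpt"].lower():
        flags.append("sender-equals-recipient")
    if "sender verify fail" in f["reason"].lower():
        flags.append("sender-verify-failed")
    return f, flags

# Constructed sample lines modelled on the entries quoted above.
SAMPLE_LOG = """\
2003-10-29 11:57:21 H=(example.org) [198.51.100.7] F=<nobody-97@example.org> rejected RCPT <nobody-97@example.org>: Sender verify failed
2003-10-29 11:58:02 H=([192.0.2.25]) [198.51.100.9] F=<a@example.net> rejected RCPT <staff@example.org>: relay not permitted
2003-10-29 11:59:40 H=mx.example.net (mx.example.net) [203.0.113.5] F=<b@example.net> rejected RCPT <staff@example.org>: Sender verify failed
2003-10-29 12:00:00 H=(example.org) [198.51.100.7] sender verify fail for <nobody-97@example.org>: Unrouteable address
"""

def scan(text):
    """Classify every matching line; non-matching lines are skipped."""
    return [r for r in map(classify, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for fields, flags in scan(SAMPLE_LOG):
        print(fields["ts"], fields["ip"], fields["helo"], ",".join(flags) or "-")
```

Only the `rejected RCPT` line carries both sender and recipient, so the preceding `sender verify fail for` line is skipped rather than counted twice.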