[Exim] blocking

Góra strony
Delete this message
Reply to this message
Autor: ketvin
Data:  
Dla: exim-users
Temat: [Exim] blocking
This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Dear list,

following is a portion from my main.log:


2003-11-10 22:32:20 1AJD5Y-0005Yv-00 <= 2p12zr1242p12zr124@???
H=(abc.com) [219.95.x.x] P=asmtp A=cram:mailadmin@??? S=3738
id=lJw1vKx26eCo9BOUMdPRYTSQj5FRl1qO@LocalHost

2003-11-10 22:32:21 1AJD5Z-0005Z4-00 <= 2p12zr1242p12zr124@???
U=amavis P=scanned-ok S=3933 id=lJw1vKx26eCo9BOUMdPRYTSQj5FRl1qO@LocalHost

2003-11-10 22:32:23 1AJD5Z-0005Z4-00 ** lubob@??? R=dnslookup
T=remote_smtp: SMTP error from remote mailer after MAIL
FROM:<2p12zr1242p12zr124@???> SIZE=5020: host mx2.hanmail.net
[211.43.x.x]: 550 5.7.1 <2p12zr1242p12zr124@???>... Sorry,access
denied(202.75.x.x).You've sent too many e-mails to us(1200).If you need more
infomation,write to us at nospam@??? with this message.

2003-11-10 22:32:25 1AJD5c-0005a1-00 => 2p12zr1242p12zr124
<2p12zr1242p12zr124@???> R=amavis_director T=amavis
2003-11-10 22:32:25 1AJD5c-0005a1-00 Completed

2003-11-10 22:32:26 1AJD5c-0005aJ-00 ** 2p12zr1242p12zr124@???
R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT
TO:<2p12zr1242p12zr124@???>: host mx2.mail.yahoo.com [64.157.4.78]:
553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1)




there's a lot of strange email in the mailq as frozen, for example:
2pdr1242pdr124@???
xtsaidixtsaidi@???
2s2iiap2s2iiap@???
a2pis2pa2pis2p@???
xtsaidixtsaidi@???


when i trace it one by one, i found that it seems to be delivered from
mailadmin@??? , which is a domain hosted on my MTA. from the log file,
the ip revealed is [219.95.x.x]

does it means that [219.95.x.x] is using mailadmin@??? to spam
???@xyz.com using ???@yahoo.com spamming email ?



If thats the case, I would have to block 219.95.x.x , how do i do it?
thanks for your guides ~




--