[Exim] Tracing message origin (uh oh, I think I was a relay!…

Author: Matt Staroscik
Date:
To: exim-users
Subject: [Exim] Tracing message origin (uh oh, I think I was a relay!)
After seeing some weird mail behavior I started poking around in my logs
and spools.

From /var/spool/exim/msglog/SOMEID:

>2004-04-22 16:24:36 curryrenee@??? <CurryRenee@???>
>F=<> P=<> R=dnslookup T=remote_smtp: SMTP error from remote mailer after
>RCPT TO:<CurryRenee@???>: host mta3.snet.net [204.60.203.69]:
>553 5.3.0 <CurryRenee@???>... Addressee unknown,
>relay=[216.231.43.85]


That sure as heck looks like I was relaying junk. But according to Exim's
own tests, and tests from external relay checks (like abuse.net) I am not
an open relay.

How can I figure out what is going on?

I think that my weblog app (Geeklog) might be to blame; it had a form->mail
gateway which may have been exploited. I have shut it down, and I can't
think of any other web services that might be to blame, but how can I
investigate the origin of this message? Fortunately this has only been
going on for a day or so.

MANY thanks in advance!

Best,
Matt (the sucker!)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Matt Staroscik * KF6IYW * mstar@??? * http://wrongcrowd.com
"The combined weight of the horrors I have authored wrought would crush
your carbon hearts into perfect diamonds of terror."
                                         -- Leonid Kasparov Destroyovitch
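One way to trace a message like the one in the post from Exim's main log, added here as an example and not part of the original message: the quoted entry has `F=<>` (the null sender used for bounces), and on a `<=` arrival line Exim logs `R=` with the id of the message the bounce was generated for, so the chain can be followed back to a local user (`U=`, `P=local`) or a remote host (`[ip]`). The log lines, ids, hosts, users and function names below are constructed for illustration.

```python
import re

# Constructed sample of an Exim main log; ids, hosts and users are made up.
SAMPLE_LOG = """\
2004-04-22 16:20:01 1BGaaa-0001Ab-00 <= forged@example.net U=apache P=local S=2301
2004-04-22 16:20:02 1BGaaa-0001Ab-00 ** nobody@example.org R=dnslookup T=remote_smtp: 550 unknown user
2004-04-22 16:20:02 1BGbbb-0001Ac-00 <= <> R=1BGaaa-0001Ab-00 U=exim P=local S=3120
2004-04-22 16:21:10 1BGccc-0001Ad-00 <= forged@example.net H=(helo.example) [192.0.2.10] P=smtp S=1822
2004-04-22 16:21:11 1BGddd-0001Ae-00 <= <> R=1BGccc-0001Ad-00 U=exim P=local S=2950
2004-04-22 16:22:00 1BGeee-0001Af-00 <= <> R=1BGzzz-0001Zz-00 U=exim P=local S=2950
"""

# "<timestamp> <id> <= <sender> <fields...>" is the line logged on arrival.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")

def parse_arrivals(log_text):
    """Map each message id to the fields of its '<=' (arrival) line."""
    arrivals = {}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        rest = m.group("rest")
        fields = dict(re.findall(r" ([A-Z])=(\S+)", rest))
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
        arrivals[m.group("id")] = {
            "sender": m.group("sender"),
            "proto": fields.get("P"),    # local, smtp, esmtp, ...
            "user": fields.get("U"),     # local submitting user
            "parent": fields.get("R"),   # on '<=': message this bounce is about
            "ip": ip.group(1) if ip else None,
        }
    return arrivals

def trace_origin(arrivals, msg_id):
    """Follow bounce references back to the first message; describe its origin."""
    chain = [msg_id]
    while True:
        parent = arrivals.get(chain[-1], {}).get("parent")
        if parent is None or parent in chain:
            break
        chain.append(parent)
    root = arrivals.get(chain[-1])
    if root is None:
        return chain, "unknown: no arrival line in this log"
    if root["ip"]:
        return chain, f"received over {root['proto']} from {root['ip']}"
    return chain, f"submitted locally by user {root['user']}"

if __name__ == "__main__":
    print(trace_origin(parse_arrivals(SAMPLE_LOG), "1BGbbb-0001Ac-00"))
```

A local origin under the web server's user points at a web script such as a form-to-mail gateway; a remote IP points at mail that was accepted over SMTP and bounced afterwards.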