After seeing some weird mail behavior I started poking around in my logs
and spools.
From /var/spool/exim/msglog/SOMEID:
>2004-04-22 16:24:36 curryrenee@??? <CurryRenee@???>
>F=<> P=<> R=dnslookup T=remote_smtp: SMTP error from remote mailer after
>RCPT TO:<CurryRenee@???>: host mta3.snet.net [204.60.203.69]:
>553 5.3.0 <CurryRenee@???>... Addressee unknown,
>relay=[216.231.43.85]
That sure as heck looks like I was relaying junk. But according to Exim's
own tests, and tests from external relay checks (like abuse.net), I am not
an open relay.
How can I figure out what is going on?
I think that my weblog app (Geeklog) might be to blame; it had a form->mail
gateway which may have been exploited. I have shut it down, and I can't
think of any other web services that might be to blame, but how can I
investigate the origin of this message? Fortunately this has only been
going on for a day or so.
MANY thanks in advance!
Best,
Matt (the sucker!)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Matt Staroscik * KF6IYW * mstar@??? * http://wrongcrowd.com
"The combined weight of the horrors I have authored wrought would crush
your carbon hearts into perfect diamonds of terror."
-- Leonid Kasparov Destroyovitch
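
One way to approach the question above of where a bounce with a null sender (F=<>) came from, as an added example that is not part of the original post: follow the bounce back to the message that caused it and read how that message was received. It assumes Exim main-log reception (`<=`) lines with the U=, P=, H= and R= fields; the log lines, message ids and function names are constructed for illustration.

```python
import re

# Constructed sample in Exim main-log style (not taken from the post).
SAMPLE_LOG = """\
2004-04-22 16:24:30 1BGaaa-0001aa-00 <= forged@example.com U=apache P=local S=1820
2004-04-22 16:24:31 1BGaaa-0001aa-00 ** victim@example.net R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO:<victim@example.net>: 553 Addressee unknown
2004-04-22 16:24:31 1BGbbb-0001bb-00 <= <> R=1BGaaa-0001aa-00 U=exim P=local S=2911
2004-04-22 16:24:36 1BGbbb-0001bb-00 ** forged@example.com R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO:<forged@example.com>: 553 Addressee unknown
2004-04-22 16:30:02 1BGccc-0001cc-00 <= someone@example.com H=mail.example.com [192.0.2.10] P=esmtp S=3301
"""

# date, time, message id, "<=", envelope sender, then the remaining fields
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest> .*)?$")

def parse_arrivals(log_text):
    """Map message id -> fields of its reception ('<=') line."""
    arrivals = {}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery, failure and other line types are ignored
        rest = m.group("rest") or ""
        fields = dict(re.findall(r"(?:^|\s)([A-Z])=(\S+)", rest))
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", rest)
        arrivals[m.group("id")] = {"sender": m.group("sender"),
                                   "ip": ip.group(1) if ip else None, **fields}
    return arrivals

def trace_origin(arrivals, msg_id):
    """Walk bounce references (R=) back to the message that started the chain."""
    seen = set()
    while msg_id in arrivals and msg_id not in seen:
        seen.add(msg_id)
        rec = arrivals[msg_id]
        if rec["sender"] == "<>" and rec.get("R"):
            msg_id = rec["R"]  # bounce: continue with the message it refers to
            continue
        if rec.get("P") == "local":
            # Submitted on this host (e.g. by a web application), not relayed.
            return msg_id, "local submission by user " + rec.get("U", "?")
        return msg_id, "received over %s from %s" % (
            rec.get("P", "?"), rec["ip"] or rec.get("H", "?"))
    # Parent id missing (rotated log?) or a reference loop.
    return msg_id, "chain could not be resolved in this log"

if __name__ == "__main__":
    print(trace_origin(parse_arrivals(SAMPLE_LOG), "1BGbbb-0001bb-00"))
```

A result of `local submission by user apache` (or whatever account the web server runs as) points at a web form or script on the host rather than at SMTP relaying, which is consistent with external relay tests coming back clean.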