[exim] spam messages freeze

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Wolfgang Kohnen (FEYERABEND)
Datum:  
To: exim-users
Betreff: [exim] spam messages freeze
[I had to resend this mail to this list, because I've sent it from a
wrong address.]

Hi folks,

this is a cross post to exim and mailscanner lists, 'cause I don't know
where I should search for a solution, or where I should ask.

I just switched on my new exim4 with MS (debian sarge) and the first
mails I receive are spams, of course. I see lots of spam coming in with
envelope-to: <> to non existent users and these messages freeze, since
there is no address to bounce to. Well, this seems to be a ususal spam
strategy and that my exim seems to be configured wrong, isn't it? Why
does exim try to bounce these messages? Maybe this is related to
MailScanner? One of the message logs look like this:

1DUVBW-0005d6-9L-H
Debian-exim 102 102
<>
1115494918 0
-ident Debian-exim
-received_protocol local
-body_linecount 72
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1115494918
-localerror
XX
1
claudia@???

154P Received: from Debian-exim by feyerabend.lis.bremen.de with local
(Exim 4.50)
        id 1DUVBW-0005d6-9L
        for claudia@???; Sat, 07 May 2005 21:41:58 +0200
043  X-Failed-Recipients: michael@???
031  Auto-Submitted: auto-generated
057F From: Mail Delivery System <Mailer-Daemon@???>
021T To: claudia@???
059  Subject: Mail delivery failed: returning message to sender
057I Message-Id: <E1DUVBW-0005d6-9L@???>
038  Date: Sat, 07 May 2005 21:41:58 +0200



The mail body looks like this:

1DUVBW-0005d6-9L-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  michael@???
    LMTP error after RCPT TO:<michael@???>:
    550-Mailbox unknown.  Either there is no mailbox associated with this
    550-name or you do not have authorization to see it.
    550 5.1.1 User unknown


------ This is a copy of the message, including all the headers. ------

Return-path: <claudia@???>
Received: from p54ac77df.dip.t-dialin.net ([84.172.119.223] helo=sat.1.de)
        by feyerabend.lis.bremen.de with esmtp (Exim 4.50)
        id 1DUVBG-0005cT-Uw
        for michael@???; Sat, 07 May 2005 21:41:49 +0200
From: claudia@???
To: michael@???
Date: Sat, 7 May 2005 21:40:58 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0014_60E1DAD0.BCAFD50F"
X-Priority: 3
X-MSMail-Priority: Normal
X-lis.bremen.de-MailScanner: Found to be infected
X-Spam-Level: ****
X-MailScanner-From: claudia@???
Subject: {Virus!}


This is a multi-part message in MIME format.

------=_NextPart_000_0014_60E1DAD0.BCAFD50F
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit


Mail transaction failed. Partial message is available.


------=_NextPart_000_0014_60E1DAD0.BCAFD50F
Content-Type: text/plain; charset="ISO-8859-1"; name="WARNUNG.txt"
Content-Disposition: attachment; filename="WARNUNG.txt"
Content-Transfer-Encoding: quoted-printable

[continuing with attachements substituted by my MS. (W32/Mytob-R etc.
found)]