[exim] Suspect log entry

Top Page
Delete this message
Reply to this message
Author: Terry Danter
Date:  
To: exim-users
Subject: [exim] Suspect log entry
Hello today out of the blue i noticed four email stuck in the mailq with
the following error

2005-06-02 21:39:32 1Ddvre-000N8o-5P == user@???
<info@???> R=dnslookup T=remote_smtp defer (0)
: SMTP error from remote mailer after MAIL FROM:<wrea@???>
SIZE=4322: host mx2.bt.mail.yahoo.com [217.12.12.192]:
451 VS5-MF Excessive unknown recipients - possible Open Relay
http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5)
217.112.95.192


I host the mx for mydomainhere.com and forward all email for that domain
too user@??? after spam and virus scanning
217.112.95.192 is the ip of my server ( tho not the real one )
I just saw the possible Open Relay part in the log and thought i would
run it by you guys.
I removed the four mail from my mailq and black listed misssporty.com as
a temp measure until i am clear what's going on and every thing is as it
should be.
I run exim 4.50 with ASMTP.

Regards Terry.