Re: [exim] Suspect log entry

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Terry Danter
CC: exim-users
Subject: Re: [exim] Suspect log entry
On Thu, 2 Jun 2005, Terry Danter wrote:
>
> 2005-06-02 21:39:32 1Ddvre-000N8o-5P == user@???
> <info@???> R=dnslookup T=remote_smtp defer (0)
> : SMTP error from remote mailer after MAIL FROM:<wrea@???>
> SIZE=4322: host mx2.bt.mail.yahoo.com [217.12.12.192]:
> 451 VS5-MF Excessive unknown recipients - possible Open Relay
> http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5)
> 217.112.95.192
>
> I host the mx for mydomainhere.com and forward all email for that domain too
> user@??? after spam and virus scanning
> I just saw the possible Open Relay part in the log and thought i would run it
> by you guys.


That's just a guess on the part of BT Openworld (or Yahoo). You should
check your logs for email to btopenworld.com addresses other than this
particular user, so that you can identify the failing addresses and work
out where the problem email is coming from and deal with it.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}