Re: [exim] Very loosely Exim related! - Need help reading he…

Author: James Hoddinott
Date:  
To: exim-users
Subject: Re: [exim] Very loosely Exim related! - Need help reading headers please
* Gareth Hastings <gareth.hastings@???> [2006-05-03 16:25:19 +0100]:
[...]
Content-Description: fromclient.txt
> Return-Path: <deborah@???>
> Received: from mwinf3102.me.freeserve.com (mwinf3102.me.freeserve.com)
> by mwinb3105 (SMTP Server) with LMTP; Wed, 03 May 2006 12:51:46 +0200
> X-Sieve: Server Sieve 2.2
> Envelope-to: customersaddress@???
> Received: from me-wanadoo.net (localhost [127.0.0.1])
> by mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 039851C0129B
> for <customersaddress@???>; Wed, 3 May 2006 12:51:46 +0200 (CEST)
> Received: from lonas01.kinexus.net (lonas01.kinexus.net [212.113.24.129])
> by mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 89F0A1C012A0
> for <customersaddress@???>; Wed, 3 May 2006 12:51:45 +0200 (CEST)
> X-ME-UUID: 20060503105145565.89F0A1C012A0@???
> Received: from localhost (localhost [127.0.0.1])
> by lonas01.kinexus.net (Postfix) with ESMTP id 2C33D24D88;
> Wed, 3 May 2006 11:51:34 +0100 (BST)
> Received: from retrac-group.com (unknown [217.206.172.205])
> by lonas01.kinexus.net (Postfix) with SMTP id 036EC24C6D;
> Wed, 3 May 2006 11:49:27 +0100 (BST)
> Received: from mail pickup service by retrac-group.com with Microsoft SMTPSVC;
> Wed, 3 May 2006 12:00:59 +0100


As has been mentioned by others in the thread, this is a problem with the
POP3 connector in the SBS version of Exchange. For the 2003 version it is
easily patched but it has only recently been upgraded to 'critical' by
Microsoft (although I've not particularly noticed that this has helped).

The above headers suggest the problem lies with 217.206.172.205 which
appears to be an Easynet IP. I'd suggest sending these headers on to
abuse@???

[...]
Content-Description: sentbacktome.txt
> Received: from gaspra.twi.co.uk ([194.128.9.3]) by tatum.twi.co.uk with Microsoft SMTPSVC(6.0.3790.1830);
>      Wed, 3 May 2006 15:21:31 +0100
> Received: from (psmtp.com) [207.126.144.51] 
>     by gaspra.twi.co.uk with smtp 
>     id 1FbI8m-0002Mb-00 ; Wed, 03 May 2006 15:15:44 +0100
> Received: from source ([207.38.45.145]) by eu1sys200amx011.postini.com ([207.126.147.10]) with SMTP;
>     Wed, 03 May 2006 14:21:26 UTC
> Received: from [80.247.87.62] (account mmltd001@??? HELO morgan-marine.com)
>   by appereto.com (CommuniGate Pro SMTP 4.3.7)
>   with ESMTPA id 530246130; Wed, 03 May 2006 07:21:16 -0700
> Received: from mail pickup service by morgan-marine.com with Microsoft SMTPSVC;
>      Wed, 3 May 2006 15:15:52 +0100


If this is another mail from the 'loop' then 80.247.87.62 probably has an
issue too. This appears to be Quik Internet, support@???

Since there can often be a number of problematic hosts within the
distribution list (spread across multiple ISPs) you may want to check a
random sampling of the headers from all the mails received, if you have
access to this.

You mentioned in your post that a Demon host was possibly involved,
although I don't see any evidence of this in the headers. If you do
suspect that a Demon host is causing problems can you send the full
headers on to abuse@??? and it will get actioned ASAP.

HTH.

--
James Hoddinott
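
An added example, not part of the original message: a short Python sketch of the header reading done above, walking the Received chain of fromclient.txt oldest-first and picking the first hop where a relay logged a public peer IP. The function names and the regular expressions are assumptions of this example, and the sample is the quoted header block with the "for <...>" clauses dropped and continuation lines re-indented.

```python
import ipaddress
import re
from email import message_from_string

# Received headers from the first quoted block above (fromclient.txt);
# "for <...>" clauses dropped, continuation lines indented so they fold.
SAMPLE = """\
Received: from mwinf3102.me.freeserve.com (mwinf3102.me.freeserve.com)
 by mwinb3105 (SMTP Server) with LMTP; Wed, 03 May 2006 12:51:46 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
 by mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 039851C0129B; Wed, 3 May 2006 12:51:46 +0200 (CEST)
Received: from lonas01.kinexus.net (lonas01.kinexus.net [212.113.24.129])
 by mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 89F0A1C012A0; Wed, 3 May 2006 12:51:45 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
 by lonas01.kinexus.net (Postfix) with ESMTP id 2C33D24D88; Wed, 3 May 2006 11:51:34 +0100 (BST)
Received: from retrac-group.com (unknown [217.206.172.205])
 by lonas01.kinexus.net (Postfix) with SMTP id 036EC24C6D; Wed, 3 May 2006 11:49:27 +0100 (BST)
Received: from mail pickup service by retrac-group.com with Microsoft SMTPSVC;
 Wed, 3 May 2006 12:00:59 +0100
"""

HOP = re.compile(r"from\s+(?P<helo>.+?)\s+by\s+(?P<by>\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Return Received hops oldest-first as (claimed_name, peer_ip, by_host)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        m = HOP.match(flat)
        if not m:
            continue
        helo = m.group("helo")
        ip = IP.search(helo)                    # bracketed IP is logged by the receiver
        out.append((helo.split(" (")[0], ip.group(1) if ip else None, m.group("by")))
    return out

def first_external_handoff(raw):
    """Oldest hop whose receiving relay recorded a public (non-loopback) peer IP."""
    # Hops older than the first relay you trust are written by the sending side
    # and can be forged; the peer IP a receiving relay logged is what to report.
    for helo, ip, by in hops(raw):
        if ip and ipaddress.ip_address(ip).is_global:
            return helo, ip, by
    return None

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
    print("first external hand-off:", first_external_handoff(SAMPLE))
```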