Re: [exim] Stopping arbitrary traffic

Author: Dustin Jenkins
Date:  
To: exim-users
Subject: Re: [exim] Stopping arbitrary traffic
Thanks for the response.

The dc_accept_relay should've been dc_host_accept_relay, I should've taken that out, thanks for pointing to it.

Here's a snippet from my /var/log/exim4/mainlog, the paniclog and reject log are empty. As you can see there are all kinds of different addresses from arbitrary traffic going to arbitrary domains. Mostly it gets denied, but sometimes it succeeds with a 'Completed' message, but what I want is for it to not try at all! I would've thought that I shouldn't be seeing any of this stuff.

<LOG-SNIPPET>
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** tyler@??? <Tyler@???> R=dnslookup T=remote_smtp: retry time not reached for any host after a long failure period
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
2006-06-26 22:14:47 1FrfX0-0003LM-4v => wac1@??? R=dnslookup T=remote_smtp H=cluster6.us.messagelabs.com [216.82.249.195] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
2006-06-26 22:14:47 1FrfX0-0003LM-4v Completed
2006-06-26 22:14:47 1FrfEe-0002Z2-BA a.mx0.gatewaydefender.com [209.153.138.190] Connection timed out
2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** wackit69@???: an MX or SRV record indicated no SMTP service
2006-06-26 22:14:51 1FrfWq-0003L8-M0 => peggy.haney@??? R=dnslookup T=remote_smtp H=wppim001.aexp.com [193.32.34.92] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** cvdlely@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<cvdlely@???>: host mailhub-new.vianetworks.nl [212.61.15.154]: 554 Service unavailable; Client host [24.68.130.247] blocked using safe.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?24.68.130.247
2006-06-26 22:14:53 1FrfWq-0003L8-M0 ** server@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<server@???>: host mx10.uni.net [217.72.103.201]: 550 5.1.1 <server@???> User unknown; rejecting
2006-06-26 22:14:54 1FrfWq-0003L8-M0 => server@??? R=dnslookup T=remote_smtp H=mail.atriniti.com [68.15.40.154]
2006-06-26 22:14:55 1FrfWq-0003L8-M0 ** embox5@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<Marietta@???> SIZE=2513: host mx2.earthlink.net [209.86.93.227]: 550 Dynamic IPs/open relays blocked. Contact <openrelay@???>.
2006-06-26 22:14:56 1FrfWq-0003L8-M0 ** server@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<server@???>: host URO.COM.INBOUND15.MXLOGIC.NET [208.65.145.3]: 550 Recipient unknown
2006-06-26 22:14:57 1FrfWq-0003L8-M0 => k4447@??? R=dnslookup T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
2006-06-26 22:14:58 1FrfWq-0003L8-M0 ** alpll@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after initial connection: host mailin-02.mx.netscape.net [205.188.158.57]: 554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html\n554 Connecting IP: 24.68.130.247
2006-06-26 22:14:58 1FrfWq-0003L8-M0 == bookings@??? R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<bookings@???>: host mailwash16.pair.com [66.39.2.16]: 450 <bookings@???>: Recipient address rejected: Service temporarily unavailable
2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => dog.kobe@??? R=dnslookup T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
2006-06-26 22:15:04 1FrfWK-0003LL-Hx ** k2000@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<k2000@???>: host mx3.nownuri.net [203.238.128.89]: 550 5.1.1 k2000 Unknown User
</LOG-SNIPPET>

When you say obfuscated, are you referring to the configuration in general or specific components?

Many thanks,
Dustin



----- Original Message -----
From: Marc Haber <mh+exim-users@???>
Date: Tuesday, June 27, 2006 2:17 am
Subject: Re: [exim] Stopping arbitrary traffic

> On Mon, 26 Jun 2006 22:13:33 -0700, Dustin Nicholas Jenkins
> <at88mph@???> wrote:
> >I'm running kernel 2.6.17.1 with exim4 as my internet site SMTP
> >configuration. I've done all the options as described by the site to
> >stop arbitrary traffic from using my site, but the logs still show all
> >kinds of stuff coming through.
>
> Please show logs.
>
> >dc_accept_relay='192.168.1.0/24'
>
> What's that?
>
> Your configuration looks - obfuscated - but fine. Please tell us more
> about your problem.
>
> Greetings
> Marc
>
> -- 
> -------------------------------------- !! No courtesy copies, please !! -----
> Marc Haber         |   " Questions are the         | Mailadresse im Header
> Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
> Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

>
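
An added example, not part of the original message or of Exim itself: an Exim message ID of this form starts with the arrival time in seconds since the epoch, written as six base-62 characters, so the IDs in the log snippet above can be decoded to show how long each message had been on the queue and whether its arrival appears in the same log. The UTC-7 log time zone is an assumption taken from the -0700 Date header quoted in the thread; the sample lines are copied from the snippet.

```python
import re
from datetime import datetime, timedelta, timezone

B62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Assumption: mainlog uses local time at UTC-7 (the -0700 Date header in the thread).
LOG_TZ = timezone(timedelta(hours=-7))
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w{6}-\w{6}-\w{2}) (\S+)")

# Lines copied from the log snippet above (addresses already masked by the archive).
SAMPLE = """\
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
2006-06-26 22:14:47 1FrfX0-0003LM-4v => wac1@??? R=dnslookup T=remote_smtp H=cluster6.us.messagelabs.com [216.82.249.195] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => dog.kobe@??? R=dnslookup T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
"""


def received_at(msg_id):
    """Decode the arrival time held in the first six base-62 characters of the ID."""
    secs = 0
    for ch in msg_id[:6]:
        secs = secs * 62 + B62.index(ch)
    return datetime.fromtimestamp(secs, tz=timezone.utc)


def queue_report(log_text):
    """Map each message ID to its largest observed queue age and whether a '<=' line was seen."""
    report = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped continuation lines and entries without a message ID
        stamp, msg_id, flag = m.groups()
        logged = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=LOG_TZ)
        entry = report.setdefault(msg_id, {"age": timedelta(0), "arrival_logged": False})
        entry["age"] = max(entry["age"], logged - received_at(msg_id))
        if flag == "<=":
            entry["arrival_logged"] = True  # the message was accepted within this log
    return report


if __name__ == "__main__":
    for msg_id, info in queue_report(SAMPLE).items():
        kind = "accepted in this log" if info["arrival_logged"] else "already on the queue"
        print(f"{msg_id}  queued for {info['age']}  ({kind})")
```

A message with a large age and no `<=` line in the log was accepted earlier and is being retried by a queue run; new acceptance of relayed mail would show up as `<=` lines carrying a remote host.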