Re: [exim] Stopping arbitrary traffic

Author: Exim Mailing List
To: exim-users
Subject: Re: [exim] Stopping arbitrary traffic
On Tue, Jun 27, 2006 at 02:47:35PM -0700, Dustin Jenkins wrote:
>
> Thanks for the response.
>
> The dc_accept_relay should've been dc_host_accept_relay, I should've taken that out, thanks for pointing to it.
>
> Here's a snippet from my /var/log/exim4/mainlog, the paniclog and reject log are empty. As you can see there are all kinds of different addresses from arbitrary traffic going to arbitrary domains. Mostly it gets denied, but sometimes it succeeds with a 'Completed' message, but what I want is for it to not try at all! I would've thought that I shouldn't be seeing any of this stuff.
>
> <LOG-SNIPPET>
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
> 2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** tyler@??? <Tyler@???> R=dnslookup T=remote_smtp: retry time not reached for any host after a long failure period
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v => wac1@??? R=dnslookup T=remote_smtp H=cluster6.us.messagelabs.com [216.82.249.195] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v Completed
> 2006-06-26 22:14:47 1FrfEe-0002Z2-BA a.mx0.gatewaydefender.com [209.153.138.190] Connection timed out
> 2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** wackit69@???: an MX or SRV record indicated no SMTP service
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 => peggy.haney@??? R=dnslookup T=remote_smtp H=wppim001.aexp.com [193.32.34.92] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** cvdlely@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<cvdlely@???>: host mailhub-new.vianetworks.nl [212.61.15.154]: 554 Service unavailable; Client host [24.68.130.247] blocked using safe.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?24.68.130.247
> 2006-06-26 22:14:53 1FrfWq-0003L8-M0 ** server@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<server@???>: host mx10.uni.net [217.72.103.201]: 550 5.1.1 <server@???> User unknown; rejecting
> 2006-06-26 22:14:54 1FrfWq-0003L8-M0 => server@??? R=dnslookup T=remote_smtp H=mail.atriniti.com [68.15.40.154]
> 2006-06-26 22:14:55 1FrfWq-0003L8-M0 ** embox5@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<Marietta@???> SIZE=2513: host mx2.earthlink.net [209.86.93.227]: 550 Dynamic IPs/open relays blocked. Contact <openrelay@???>.
> 2006-06-26 22:14:56 1FrfWq-0003L8-M0 ** server@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<server@???>: host URO.COM.INBOUND15.MXLOGIC.NET [208.65.145.3]: 550 Recipient unknown
> 2006-06-26 22:14:57 1FrfWq-0003L8-M0 => k4447@??? R=dnslookup T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 ** alpll@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after initial connection: host mailin-02.mx.netscape.net [205.188.158.57]: 554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html\n554 Connecting IP: 24.68.130.247
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 == bookings@??? R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<bookings@???>: host mailwash16.pair.com [66.39.2.16]: 450 <bookings@???>: Recipient address rejected: Service temporarily unavailable
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => dog.kobe@??? R=dnslookup T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
> 2006-06-26 22:15:04 1FrfWK-0003LL-Hx ** k2000@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<k2000@???>: host mx3.nownuri.net [203.238.128.89]: 550 5.1.1 k2000 Unknown User
> </LOG-SNIPPET>
>
> When you say obfuscated, are you referring to the configuration in general or specific components?


This doesn't show a complete log of any transaction.

Run

exigrep -l 1FrfWq-0003L8-M0 /var/log/exim4/mainlog*

It's the "<=" mark that tells where they're coming from.

Are you running a web server on this machine too?

And please don't top-post.

Steven.
-- 
A new dramatist of the absurd
Has a voice that will shortly be heard.
    I learn from my spies
    He's about to devise
An unprintable three-letter word.
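The point Steven makes above is that the "**", "=>" and "Completed" lines only show deliveries; the origin of a message is on its "<=" (arrival) line, which carries H=host [ip] for a remote SMTP submission, U=user P=local for a message handed in on the box itself (the sendmail interface a web application would use), and "<= <> R=id" for a bounce Exim generated for message "id". The script below is an added example, not part of the thread or of Exim: it gathers every line for a queue id the way `exigrep -l` does and classifies each message's origin from its arrival line. The sample log is constructed to mimic the quoted format, using documentation-reserved addresses and IPs, and the field meanings assumed are those of Exim's standard main log format.

```python
import re

# Exim queue id: six alphanumerics, dash, six, dash, two (e.g. 1FrfWq-0003L8-M0).
MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"

# One mainlog record: timestamp, queue id, then the rest of the line.
LINE_RE = re.compile(
    rf"^(?P<ts>\d{{4}}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>{MSG_ID}) (?P<rest>.*)$"
)
# Arrival record: the "<=" flag, the envelope sender, then key=value fields.
ARRIVAL_RE = re.compile(r"^<= (?P<sender>\S+)(?P<fields>.*)$")
# H=hostname [ip], optionally with a "(helo name)" between them.
HOST_RE = re.compile(r"H=(?P<host>\S+)(?: \([^)]*\))? \[(?P<ip>[^\]]+)\]")
# U= (local submitting user), P= (protocol), R= (on a bounce: the id it is for).
FIELD_RE = re.compile(r"\b(?P<key>[UPR])=(?P<val>\S+)")

# Constructed sample modelled on the log quoted in the thread (not real traffic).
SAMPLE_LOG = """\
2006-06-26 22:10:01 1FrfWq-0003L8-M0 <= marketing@example.test U=www-data P=local S=2513
2006-06-26 22:10:02 1FrfWS-0003Lu-HQ <= bob@example.test H=mail.example.net [192.0.2.10] P=esmtp S=1800
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** tyler@example.org R=dnslookup T=remote_smtp: retry time not reached for any host after a long failure period
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
2006-06-26 22:14:51 1FrfWq-0003L8-M0 => peggy@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.7]
2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** cvdlely@example.nl R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<cvdlely@example.nl>: host mx.example.nl [203.0.113.5]: 554 Service unavailable
2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => dog@example.tw R=dnslookup T=remote_smtp H=mx.example.tw [203.0.113.9]
2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
"""


def lines_for(log_text, msg_id):
    """Every record mentioning msg_id, like `exigrep -l <id>` on the mainlog."""
    return [line for line in log_text.splitlines() if msg_id in line]


def parse_arrival(line):
    """Return the origin fields of a "<=" record, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    a = ARRIVAL_RE.match(m.group("rest"))
    if not a:
        return None
    fields = {f.group("key"): f.group("val") for f in FIELD_RE.finditer(a.group("fields"))}
    host = HOST_RE.search(a.group("fields"))
    return {
        "id": m.group("id"),
        "sender": a.group("sender"),
        "host": host.group("host") if host else None,
        "ip": host.group("ip") if host else None,
        "user": fields.get("U"),
        "protocol": fields.get("P"),
        "bounce_for": fields.get("R"),
    }


def classify(arrival):
    """Where the message came from: a bounce Exim made, a remote host, or a local user."""
    if arrival["sender"] == "<>" and arrival["bounce_for"]:
        return ("bounce", arrival["bounce_for"])
    if arrival["ip"]:
        return ("remote", arrival["ip"])
    if arrival["protocol"] == "local":
        return ("local", arrival["user"] or "?")
    return ("unknown", "")


def classify_origins(log_text):
    """Map each queue id that has an arrival line to its classified origin."""
    origins = {}
    for line in log_text.splitlines():
        arrival = parse_arrival(line)
        if arrival:
            origins[arrival["id"]] = classify(arrival)
    return origins


if __name__ == "__main__":
    for msg_id, (kind, detail) in classify_origins(SAMPLE_LOG).items():
        print(f"{msg_id}: {kind} {detail}")
    print("\n".join(lines_for(SAMPLE_LOG, "1FrfWq-0003L8-M0")))
```

Run against a real mainlog, the "local" results answer Steven's question about a web server on the machine: a queue id whose arrival line reads U=www-data (or whatever user the web server runs as) P=local was injected by a local process, not relayed through SMTP, so no relay ACL will ever see it and the fix lies in the application, not in dc_host_accept_relay.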