Re: [exim] Stopping arbitrary traffic

Author: Dustin Nicholas Jenkins
Date:  
To: Exim Mailing List
Subject: Re: [exim] Stopping arbitrary traffic

On 28-Jun-06, at 5:46 AM, Steven Wayne wrote:

> On Tue, Jun 27, 2006 at 02:47:35PM -0700, Dustin Jenkins wrote:
>>
>> Thanks for the response.
>>
>> The dc_accept_relay should've been dc_host_accept_relay, I should've
>> taken that out, thanks for pointing to it.
>>
>> Here's a snippet from my /var/log/exim4/mainlog, the paniclog and
>> reject log are empty. As you can see there are all kinds of
>> different addresses from arbitrary traffic going to arbitrary
>> domains. Mostly it gets denied, but sometimes it succeeds with a
>> 'Completed' message, but what I want is for it to not try at all! I
>> would've thought that I shouldn't be seeing any of this stuff.
>>
>> <LOG-SNIPPET>
>> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K
>> U=Debian-exim P=local S=2482
>> 2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
>> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** tyler@???
>> <Tyler@???> R=dnslookup T=remote_smtp: retry time
>> not reached for any host after a long failure period
>> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
>> 2006-06-26 22:14:47 1FrfX0-0003LM-4v => wac1@???
>> R=dnslookup T=remote_smtp H=cluster6.us.messagelabs.com
>> [216.82.249.195] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
>> 2006-06-26 22:14:47 1FrfX0-0003LM-4v Completed
>> 2006-06-26 22:14:47 1FrfEe-0002Z2-BA a.mx0.gatewaydefender.com
>> [209.153.138.190] Connection timed out
>> 2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** wackit69@???: an MX
>> or SRV record indicated no SMTP service
>> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 => peggy.haney@???
>> R=dnslookup T=remote_smtp H=wppim001.aexp.com [193.32.34.92]
>> X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
>> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** cvdlely@??? R=dnslookup
>> T=remote_smtp: SMTP error from remote mail server after RCPT
>> TO:<cvdlely@???>: host mailhub-new.vianetworks.nl
>> [212.61.15.154]: 554 Service unavailable; Client host [24.68.130.247]
>> blocked using safe.dnsbl.sorbs.net; Dynamic IP Addresses See:
>> http://www.sorbs.net/lookup.shtml?24.68.130.247
>> 2006-06-26 22:14:53 1FrfWq-0003L8-M0 ** server@??? R=dnslookup
>> T=remote_smtp: SMTP error from remote mail server after RCPT
>> TO:<server@???>: host mx10.uni.net [217.72.103.201]: 550 5.1.1
>> <server@???> User unknown; rejecting
>> 2006-06-26 22:14:54 1FrfWq-0003L8-M0 => server@???
>> R=dnslookup T=remote_smtp H=mail.atriniti.com [68.15.40.154]
>> 2006-06-26 22:14:55 1FrfWq-0003L8-M0 ** embox5@???
>> R=dnslookup T=remote_smtp: SMTP error from remote mail server after
>> MAIL FROM:<Marietta@???> SIZE=2513: host mx2.earthlink.net
>> [209.86.93.227]: 550 Dynamic IPs/open relays blocked. Contact
>> <openrelay@???>.
>> 2006-06-26 22:14:56 1FrfWq-0003L8-M0 ** server@??? R=dnslookup
>> T=remote_smtp: SMTP error from remote mail server after RCPT
>> TO:<server@???>: host URO.COM.INBOUND15.MXLOGIC.NET
>> [208.65.145.3]: 550 Recipient unknown
>> 2006-06-26 22:14:57 1FrfWq-0003L8-M0 => k4447@??? R=dnslookup
>> T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
>> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 ** alpll@???
>> R=dnslookup T=remote_smtp: SMTP error from remote mail server after
>> initial connection: host mailin-02.mx.netscape.net [205.188.158.57]:
>> 554- (RTR:BB)
>> http://postmaster.info.aol.com/errors/554rtrbb.html\n554 Connecting
>> IP: 24.68.130.247
>> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 == bookings@???
>> R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail
>> server after RCPT TO:<bookings@???>: host
>> mailwash16.pair.com [66.39.2.16]: 450 <bookings@???>:
>> Recipient address rejected: Service temporarily unavailable
>> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => dog.kobe@???
>> R=dnslookup T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
>> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
>> 2006-06-26 22:15:04 1FrfWK-0003LL-Hx ** k2000@??? R=dnslookup
>> T=remote_smtp: SMTP error from remote mail server
>> after RCPT TO:<k2000@???>: host mx3.nownuri.net
>> [203.238.128.89]: 550 5.1.1 k2000 Unknown User
>> </LOG-SNIPPET>
>>
>> When you say obfuscated, are you referring to the configuration in
>> general or specific components?
>
> This doesn't show a complete log of any transaction.
>
> Run
>
> exigrep -l 1FrfWq-0003L8-M0 /var/log/exim4/maillog*
>
> It's the "<=" mark that tells where they're coming from.
>
> Are you running a web server on this machine too?
>
> And please don't top-post.
>
> Steven.
> -- 
> A new dramatist of the absurd
> Has a voice that will shortly be heard.
>     I learn from my spies
>     He's about to devise
> An unprintable three-letter word.



Thanks for the reply. I'm going to do as suggested and learn to read
the logs before I post anything else. I am running a web server on the
box as well though, yes.

Much obliged,
Dustin
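
The log-reading step suggested in the quoted reply, as an added example that is not part of the original thread and is not Exim's own tooling: group mainlog lines by message id and read each message's `<=` line to see whether it arrived from a remote host or a local user. The sample log is constructed, and the 6-6-2 message-id pattern is an assumption taken from the ids shown in the snippet above.

```python
import re
from collections import defaultdict

# Constructed sample in the mainlog layout shown above; every address,
# host and message id here is made up for illustration.
SAMPLE_LOG = """\
2006-06-26 22:10:01 1FrAAA-0000aa-01 <= www-data@web.example U=www-data P=local S=2513
2006-06-26 22:10:02 1FrAAA-0000aa-01 => a@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25]
2006-06-26 22:10:03 1FrAAA-0000aa-01 ** b@example.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<b@example.net>: host mx.example.net [198.51.100.7]: 550 Recipient unknown
2006-06-26 22:10:04 1FrAAA-0000aa-01 == c@example.com R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server
2006-06-26 22:11:00 1FrBBB-0000bb-02 <= alice@example.org H=relay.example.org [203.0.113.9] P=esmtp S=901
2006-06-26 22:11:01 1FrBBB-0000bb-02 => bob@web.example R=local_user T=mail_spool
2006-06-26 22:11:01 1FrBBB-0000bb-02 Completed
2006-06-26 22:12:00 1FrCCC-0000cc-03 => d@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25]
"""

LINE = re.compile(r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
                  r"(<=|=>|->|\*\*|==) (\S+)(.*)$")
COUNTERS = {"=>": "delivered", "->": "delivered", "**": "failed", "==": "deferred"}

def trace_origins(log_text):
    """Group mainlog lines by message id and record where each message arrived from."""
    msgs = defaultdict(lambda: {"origin": None, "delivered": 0, "failed": 0, "deferred": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", "Frozen", host errors: no address flag
        msg_id, flag, _addr, rest = m.groups()
        entry = msgs[msg_id]
        if flag == "<=":
            # Arrival line: H=... [ip] for SMTP input, U=user for local submission.
            host = re.search(r"\bH=.*?\[([0-9A-Fa-f.:]+)\]", rest)
            user = re.search(r"\bU=(\S+)", rest)
            if host:
                entry["origin"] = "remote " + host.group(1)
            elif user:
                entry["origin"] = "local user " + user.group(1)
        else:
            entry[COUNTERS[flag]] += 1
    return dict(msgs)

def report(msgs):
    """One line per message; no "<=" line means the arrival is in an older log file."""
    return [f"{mid}: from {e['origin'] or 'UNKNOWN (no <= line in this log)'}, "
            f"{e['delivered']} delivered, {e['failed']} failed, {e['deferred']} deferred"
            for mid, e in sorted(msgs.items())]

if __name__ == "__main__":
    print("\n".join(report(trace_origins(SAMPLE_LOG))))
```

A message reported as UNKNOWN has deliveries but no arrival line in the text scanned, which is the situation the reply describes for the posted snippet; rotated log files need to be included to find its `<=` line.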