Re: [exim] my IP blacklisted at CBL issues with HELO'ing

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: informatics2k1
CC: Exim, Users, Peter Bowyer
Subject: Re: [exim] my IP blacklisted at CBL issues with HELO'ing


Peter Bowyer wrote:
> On 20/01/07, Markus Hardiyanto <informatics2k1@???> wrote:
>> i found this on EXIM log after implementing the HELO'ing ACL:
>>
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <lindseymthg@???>: "REJECTED - Bad
>> HELO - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <root@???>: "REJECTED - Bad HELO
>> - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <sudramaspoy@???>: "REJECTED - Ba
>> d HELO - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <root@???>: "REJECTED - Bad HELO
>> - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <kvlrrs@???>: "REJECTED - Bad
>> HELO - Host impersonating [keris.revti.net]"
>>
>> it seems that it came from mailman. how to fix this?
>
> Your HELO acl probably should exclude localhost. But I can't see what
> this has to do with your CBL listing.....
>


CBL lists server which have sent mails to their spam traps. In these
logs, I can see at least one very strange entry
(root@???). From what it looks like, someone is probably
abusing your instance of mailman to send spam. This is just a guess of
course, but you should really verify your mailing lists.