Auteur: Renaud Allard Date: À: informatics2k1 CC: Exim, Users, Peter Bowyer Sujet: Re: [exim] my IP blacklisted at CBL issues with HELO'ing
Peter Bowyer wrote: > On 20/01/07, Markus Hardiyanto <informatics2k1@???> wrote:
>> i found this on EXIM log after implementing the HELO'ing ACL:
>>
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <lindseymthg@???>: "REJECTED - Bad
>> HELO - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <root@???>: "REJECTED - Bad HELO
>> - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <sudramaspoy@???>: "REJECTED - Ba
>> d HELO - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <root@???>: "REJECTED - Bad HELO
>> - Host impersonating [keris.revti.net]"
>> 2007-01-20 11:30:50 H=localhost (keris.revti.net) [127.0.0.1] F=<mailman-bounces@???> rejected RCPT <kvlrrs@???>: "REJECTED - Bad
>> HELO - Host impersonating [keris.revti.net]"
>>
>> it seems that it came from mailman. how to fix this?
>
> Your HELO acl probably should exclude localhost. But I can't see what
> this has to do with your CBL listing.....
>
CBL lists server which have sent mails to their spam traps. In these
logs, I can see at least one very strange entry
(root@???). From what it looks like, someone is probably
abusing your instance of mailman to send spam. This is just a guess of
course, but you should really verify your mailing lists.