Author: Paul LUNETTA
Date:
To: exim-users
Subject: Re: [exim] SMTP timeout
Hi,
I am pretty sure that I have a breach in my security.
I doubled the capacity of accepted SMTP connections:
smtp_accept_max = 100 (instead of 50)
smtp_accept_max_per_host = 50 (instead of 25)
and it was filled up while there were only 2 internal users connected!
I made some "open relay" tests. All say "ok".
How can I really test my security and/or trace these spammers?
Thank you if you can help, and sorry for my poor English.
Paul.
Paul LUNETTA wrote:
> Hi,
>
> As I have had no answer, I am just adding some other Exim logs for those who
> could perhaps help me get a clue.
> Just before getting the "too many SMTP connections" I have this:
>
> 2007-10-22 00:23:16 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:23:59 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:24:29 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:24:30 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:27:52 1Ijdea-00012h-6F demime acl condition: base64 line
> contains illegal character
> 2007-10-22 00:47:58 1Ijdy0-0001AK-3h demime acl condition: base64 line
> contains illegal character
> 2007-10-22 01:02:53 Start queue run: pid=4879
> 2007-10-22 01:02:53 1IjADj-0000h9-9z Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1IjADj-0000h9-9z ** s@???:
> Unrouteable address
> 2007-10-22 01:02:53 1IjADj-0000h9-9z Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij9m7-0000Vv-Fv Message is frozen
> 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd ** dwtqupj@???:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij6K5-0007UW-IK Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij6K5-0007UW-IK ** rhb@???:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij6K5-0007UW-IK Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij60A-0007Mk-Io Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij60A-0007Mk-Io ** lkeykcw@???:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij60A-0007Mk-Io Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs ** xl@???:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Frozen (delivery error message)
> 2007-10-22 01:02:53 1IizF9-0004Sx-4u Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1IizF9-0004Sx-4u ** tv@???:
> Unrouteable address
> 2007-10-22 01:02:53 1IizF9-0004Sx-4u Frozen (delivery error message)
> 2007-10-22 01:02:53 1IixJx-0000be-UN Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1IixJx-0000be-UN ** udxhxj@???:
> Unrouteable address
> 2007-10-22 01:02:54 1IixJx-0000be-UN Frozen (delivery error message)
> 2007-10-22 01:02:54 1IiyQG-00048A-9f Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1IiyQG-00048A-9f ** xahe@???:
> Unrouteable address
> 2007-10-22 01:02:54 1IiyQG-00048A-9f Frozen (delivery error message)
> 2007-10-22 01:02:54 1IizJM-0004Uw-8k Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1IizJM-0004Uw-8k ** gl@???:
> Unrouteable address
> 2007-10-22 01:02:54 1IizJM-0004Uw-8k Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij06y-0004q8-MV Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij06y-0004q8-MV ** lofgam@???:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij06y-0004q8-MV Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX ** v@???:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs ** rxpwh@???:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij8LN-0008K6-7C Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij8LN-0008K6-7C ** ofv@???:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij8LN-0008K6-7C Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa ** sgcgd@???:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Frozen (delivery error message)
> 2007-10-22 01:02:54 End queue run: pid=4879
> 2007-10-22 01:03:02 Connection from [210.23.1.3] refused: too many
> connections
>
> ***
> I guess it's a spammer trying to use our email domain name to send his
> messages.
> If you have any idea. I will also accept insults if I missed something
> in the documentation :)
>
> Thank you in advance.
>
> Paul.
>
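One way to trace which hosts are behind the rejected HELOs and the "too many connections" refusals is to tally the main log per remote IP. This is an added example, not part of the original message; the sample lines are constructed in the log format quoted above (documentation IP addresses, made-up message id), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, wrapped the way a mail client wraps long log lines.
SAMPLE_LOG = r"""
2007-10-22 00:23:16 rejected HELO from [192.0.2.10]: syntactically
invalid argument(s): H\216\213
2007-10-22 00:23:59 rejected HELO from [192.0.2.10]: syntactically
invalid argument(s): H\216\213
2007-10-22 01:02:53 1AbCdE-000001-XX ** s@example.invalid:
Unrouteable address
2007-10-22 01:02:53 1AbCdE-000001-XX Frozen (delivery error message)
2007-10-22 01:03:02 Connection from [198.51.100.7] refused: too many
connections
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
EVENTS = {
    "bad_helo": re.compile(r"rejected (?:HELO|EHLO) from \[([^\]]+)\]"),
    "refused_max": re.compile(r"Connection from \[([^\]]+)\] refused: too many connections"),
}
BOUNCE = re.compile(r" \*\* \S+: Unrouteable address")

def unwrap(text):
    """Rejoin wrapped entries: a line without a leading timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Return (per-event Counter of remote IPs, number of unrouteable bounce deliveries)."""
    per_host = {name: Counter() for name in EVENTS}
    bounces = 0
    for entry in unwrap(text):
        for name, rx in EVENTS.items():
            m = rx.search(entry)
            if m:
                per_host[name][m.group(1)] += 1
        bounces += bool(BOUNCE.search(entry))
    return per_host, bounces

if __name__ == "__main__":
    hosts, bounces = summarize(SAMPLE_LOG)
    for name, counter in hosts.items():
        print(name, counter.most_common(10))
    print("unrouteable bounces:", bounces)
```

Run against the real main log, the hosts at the top of each list are the ones to check against `smtp_accept_max_per_host`.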