I've been studying this for about nine hours now and I'm not getting
anywhere <frown>.
I see similar messages in my mainlog:
<snip>
2008-02-11 15:57:37 1JOiWn-0005QW-E3 <= nhzpnlaqmsdg@???
H=(67.30.130.182) [125.110.187.29] P=smtp S=2271
id=muktyuejrcyhtvpwklqqgvl.93350931305311046071940@???
T="¡À¨k¤Í¤£¦b½â°ü©f±a¨â«È¥S¥h¶º©±´¡" from <nhzpnlaqmsdg@???> for
mavie@??? l22a00@??? lkk23lam@???
mschang@??? moon438@??? motcom@???
m9168@??? leslie.ch@??? mabher0906@???
meishen.liu@???
</snip>
The IP# in parenthesis is the server's IP#. The IP# in square brackets
is always in the is always an IP# beginning with 125.110.
Where is this email coming from? How can I block email from
125.110.x.y?
(I've already tried obvious ways, like blocking it in deny.hosts and in
a blocklist local to exim.
Or is this email really from 125.110?
What can I add to my logs to know more?
Any help will be greatly appreciated as right now I'm killing all email
in queues every seven minutes just to keep the server up.
Thanks.
Jeff
--
Jeff Lasman, Nobaloney Internet Services
P.O. Box 52200, Riverside, CA 92517
Our blists address used on lists is for list email only
voice: +1 951 643-5345, or see:
"
http://www.nobaloney.net/contactus.html"