On Tue, Mar 04, 2008 at 10:22:03AM -0500, Grant Peel wrote:
> Matt, Peter and all,
>
> No these are backscatter bounces.
>
> Non existent addresses on my server(s) are being sent SPAM with forged
> remote 'From:' addresses. Then, those spams are being bounced to the remote
> address' (from my servers)!
Can you try something like the following for me:
cd /var/log/exim (or wherever your logs are kept)
grep '<= <> .* P=local' mainlog | head -5 | \
while read L ; do set $L ; \
zgrep -h ${6#R=} `ls -tr mainlog*` ; zgrep -h $3 `ls -tr mainlog*` ; \
echo; done
which basically picks a couple of examples of bounces being sent from your
server, and shows the log lines for both the original incoming message, and
the outgoing bounce. (Yeah, maybe there's a better way of doing that. It
works for me).
Please run that command and then paste the output back here, unaltered (i.e.
http://wiki.exim.org/DontObfuscate, just in case you were planning on doing
so). Thanks!
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
