Re: [exim] Backscatter Spam Again. HELP PLEASE!

Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
On Tue, Mar 04, 2008 at 10:22:03AM -0500, Grant Peel wrote:
> Matt, Peter and all,
>
> No these are backscatter bounces.
>
> Non existent addresses on my server(s) are being sent SPAM with forged
> remote 'From:' addresses. Then, those spams are being bounced to the remote
> address' (from my servers)!


Can you try something like the following for me:

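cd /var/log/exim   # or wherever your logs are kept

# Take the first 5 locally generated bounces (null sender, P=local). For each,
# print the log lines of the original message (the R= id, field 6) and then
# those of the bounce itself (field 3), searching rotated logs oldest first.
grep '<= <> .* P=local' mainlog | head -5 | \
while read -r L ; do set -- $L ; \
zgrep -h "${6#R=}" `ls -tr mainlog*` ; zgrep -h "$3" `ls -tr mainlog*` ; \
echo; done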

which basically picks a couple of examples of bounces being sent from your
server, and shows the log lines for both the original incoming message, and
the outgoing bounce. (Yeah, maybe there's a better way of doing that. It
works for me).

Please run that command and then paste the output back here, unaltered (i.e.
http://wiki.exim.org/DontObfuscate, just in case you were planning on doing
so). Thanks!

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
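
Added example, not part of Dave Evans's message: the same original-to-bounce correlation done in one pass with awk, summarising each pair on one line so that bounces for mail accepted over SMTP (the backscatter case Grant describes) stand apart from bounces for locally submitted mail. The log lines, message IDs, hosts and addresses are constructed, and the function names `sample_log` and `bounce_pairs` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in Exim mainlog layout (IDs, hosts and addresses are made up).
sample_log() {
cat <<'EOF'
2008-03-04 10:20:01 1JWYaa-0001Ab-01 <= forged@victim.example H=(mail.invalid) [192.0.2.10] P=esmtp S=2048
2008-03-04 10:20:01 1JWYaa-0001Ab-01 ** nosuchuser@myhost.example: Unrouteable address
2008-03-04 10:20:01 1JWYbb-0001Ac-02 <= <> R=1JWYaa-0001Ab-01 U=exim P=local S=3100
2008-03-04 10:20:01 1JWYaa-0001Ab-01 Completed
2008-03-04 10:20:03 1JWYbb-0001Ac-02 => forged@victim.example R=dnslookup T=remote_smtp H=mx.victim.example [198.51.100.5]
2008-03-04 10:20:03 1JWYbb-0001Ac-02 Completed
2008-03-04 10:25:10 1JWYcc-0001Ad-03 <= alice@myhost.example U=alice P=local S=900
2008-03-04 10:25:12 1JWYcc-0001Ad-03 ** bob@remote.example R=dnslookup T=remote_smtp: 550 No such user
2008-03-04 10:25:12 1JWYdd-0001Ae-04 <= <> R=1JWYcc-0001Ad-03 U=exim P=local S=1500
2008-03-04 10:25:12 1JWYdd-0001Ae-04 => alice <alice@myhost.example> R=localuser T=local_delivery
EOF
}

# Reads mainlog lines on stdin. For every locally generated bounce prints:
#   original-id bounce-id original-sender bounce-recipient original-protocol
bounce_pairs() {
  awk '
    # Value of the first "key=" field after the address, or "?" if absent.
    function field(key,   i) {
        for (i = 6; i <= NF; i++)
            if (index($i, key) == 1) return substr($i, length(key) + 1)
        return "?"
    }
    # Bounce generated on this host: null sender, R= names the failed message.
    $4 == "<=" && $5 == "<>" && / P=local( |$)/ {
        orig[$3] = field("R="); order[++n] = $3; next
    }
    # Any other arrival: remember envelope sender and how it was received.
    $4 == "<=" { sender[$3] = $5; proto[$3] = field("P=") }
    # First delivery of a message; local deliveries log "user <address>".
    $4 == "=>" && !($3 in rcpt) {
        rcpt[$3] = ($6 ~ /^<.*>$/) ? substr($6, 2, length($6) - 2) : $5
    }
    END {
        for (k = 1; k <= n; k++) {
            b = order[k]; o = orig[b]
            print o, b, ((o in sender) ? sender[o] : "?"),
                  ((b in rcpt) ? rcpt[b] : "?"), ((o in proto) ? proto[o] : "?")
        }
    }'
}

sample_log | bounce_pairs
```

On real logs, feed it the rotated files oldest first, for example `zcat -f $(ls -tr mainlog*) | bounce_pairs`; a row whose last column is `smtp` or `esmtp` is a message that was accepted from a remote host and bounced afterwards.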