Grant Peel wrote:
> Hi all,
>
> I have been wrestling with my servers trying to cut down on the amount of spam we are sending.
>
> Can someone translate these log lines:
>
> 2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull P=local S=1185
> ...
> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll ** binod@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<binod@???>: host borland-mxa.mail.eds.net [192.85.154.83]: 550 5.1.2 <binod@???>... Rejected: 69.90.69.141 Backscatter
> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll binod@???: error ignored
> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll Completed
>
> It looks to me as if the original message was rejected because the remote mail host saw my server as a spammer.
>
> What I need to know is, how did the original message (log line 1) get into my server at all? How can I beef up the logging to tell me if it was a locally generated message, or if I have a hacked account (password 'guessed')?
>
> -Grant

It's a bounce message generated by your server.

Look for an email from binod@??? heading into your server. See
what it was doing.

My guess is that you're accepting email that you shouldn't and
subsequently bouncing it. Make sure you are checking for a valid recipient
before you accept the email at RCPT time.

The remote server is rejecting you because you are trying to bounce a
message to them that they don't seem to have sent. My guess is that they
keep track of every single outgoing email from/to and don't accept
bounces that don't match up.

--
The Exim Manual
http://www.exim.org/docs.html
http://www.exim.org/exim-html-current/doc/html/spec_html/index.html
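
The lookup suggested in the reply, as an added example that is not part of the original thread: it follows the `R=` reference on a `<= <>` bounce line back to the parent message and reports how that parent arrived (`P=`, `A=`, source IP) and which recipient failed. The function name `trace_bounces` and the two log lines for the parent message are constructed for illustration.

```python
import re

# Lines for 1Jb1SX-000Eu2-Ll come from the post (the long ** line is shortened);
# the two lines for the parent 1Jb1SV-000Etp-55 are constructed for illustration.
SAMPLE_LOG = """\
2008-03-16 18:36:05 1Jb1SV-000Etp-55 <= binod@??? H=(constructed.example) [203.0.113.5] P=esmtp S=912
2008-03-16 18:36:06 1Jb1SV-000Etp-55 ** nosuchuser@example.com: Unrouteable address
2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull P=local S=1185
2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll ** binod@??? R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<binod@???>: 550 5.1.2 Rejected: 69.90.69.141 Backscatter
2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll Completed
"""

# timestamp, message id, flag (<= arrival, ** permanent failure), address, remainder
LINE = re.compile(
    r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (<=|\*\*) (\S+)(.*)$")

def trace_bounces(log_text):
    """Link each locally generated bounce (<= <> ... R=<id>) to its parent message."""
    arrivals, failures = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # deliveries, "Completed" and lines without a message id
        msgid, flag, addr, rest = m.groups()
        if flag == "<=":
            fields = dict(t.split("=", 1) for t in rest.split() if "=" in t)
            ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
            arrivals[msgid] = {"sender": addr, "proto": fields.get("P"),
                               "auth": fields.get("A"), "parent": fields.get("R"),
                               "ip": ip.group(1) if ip else None}
        else:
            failures.setdefault(msgid, []).append(addr.rstrip(":"))
    report = []
    for msgid, a in arrivals.items():
        if a["sender"] != "<>" or not a["parent"]:
            continue  # not a bounce that references another message
        parent = arrivals.get(a["parent"], {})
        report.append({
            "bounce_id": msgid, "parent_id": a["parent"],
            "parent_sender": parent.get("sender"), "parent_ip": parent.get("ip"),
            "parent_proto": parent.get("proto"), "parent_auth": parent.get("auth"),
            "undeliverable": failures.get(a["parent"], []),
            "bounce_rejected_for": failures.get(msgid, []),
        })
    return report

if __name__ == "__main__":
    for entry in trace_bounces(SAMPLE_LOG):
        print(entry)
```

A parent with a remote `parent_ip`, `P=esmtp` and no `A=` field was accepted from outside without authentication, which points at missing recipient verification at RCPT time; a parent with `P=local` or an `A=` field points at a local script or an authenticated account instead.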