----- Original Message -----
From: "Ted Cooper" <eximX1211@???>
To: <exim-users@???>
Sent: Monday, March 17, 2008 9:52 AM
Subject: Re: [exim] Better Tracking

> Grant Peel wrote:
>> Hi all,
>>
>> I have been wrestling with my servers trying to cut down on the amount of
>> spam we are sending.
>>
>> Can someone translate these log lines:
>>
>> 2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull
>> P=local S=1185
>> ...
>> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll ** binod@??? R=dnslookup
>> T=remote_smtp: SMTP error from remote mail server after RCPT
>> TO:<binod@???>: host borland-mxa.mail.eds.net [192.85.154.83]:
>> 550 5.1.2 <binod@???>... Rejected: 69.90.69.141 Backscatter
>> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll binod@???: error ignored
>> 2008-03-16 18:36:14 1Jb1SX-000Eu2-Ll Completed
>>
>> It looks to me as if the original message was rejected because the remote
>> mail host saw my server as a spammer.
>>
>> What I need to know is how did the original message (log line 1) get
>> into my server at all? How can I beef up the logging to tell me if it was
>> a locally generated message, or if I have a hacked account (password
>> 'guessed')?
>>
>> -Grant
>
> It's a bounce message generated by your server.
>
> Look for an email from binod@??? heading into your server. See
> what it was doing.
>
> My guess is that you're accepting email that you shouldn't and
> subsequently bouncing it. Make sure you are checking for valid recipient
> before you accept the email at RCPT time.
>
> The remote server is rejecting you because you are trying to bounce a
> message to them that they don't seem to have sent. My guess is that they
> keep track of every single outgoing email from/to and don't accept
> bounces that don't match up.
> --
> The Exim Manual
> http://www.exim.org/docs.html
> http://www.exim.org/exim-html-current/doc/html/spec_html/index.html
Excellent,

Then when I grep the original message, I see this:

2008-03-16 18:36:05 1Jb1SV-000Etp-55 <= binod@??? U=mailnull
P=spam-scanned S=3313 id=00 c887b6$075bb784$63a9baaa@foivved
2008-03-16 18:36:05 1Jb1SV-000Etp-55 ** kempsmeal@???
<info@???> R=dnslooku remote_smtp: SMTP error from
remote mail server after end of data: host mailin-01.mx.aol.com [20
8.156.248]: 554-: (HVU:B1)
http://postmaster.info.aol.com/errors/554hvub1.html\n554 TRANSACTION LED

So how do I figure out HOW it came to my server to begin with?
-Grant
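
An added example, not part of the original thread: a Python script that follows the `R=` reference on a bounce's `<=` line back to the message that triggered it and reports how that message arrived, using Exim's `H=` (remote host), `U=` (local user), `P=` (protocol) and `A=` (authenticator) arrival-line fields. The sample log is constructed: the first two lines follow the ones quoted above with placeholder addresses, and the third is an invented authenticated arrival.

```python
import re

# Constructed sample log (placeholder addresses; third line is invented).
SAMPLE_LOG = """\
2008-03-16 18:36:06 1Jb1SX-000Eu2-Ll <= <> R=1Jb1SV-000Etp-55 U=mailnull P=local S=1185
2008-03-16 18:36:05 1Jb1SV-000Etp-55 <= sender@example.net U=mailnull P=spam-scanned S=3313
2008-03-16 18:40:11 1Jb1WZ-000Ew1-9a <= alice@example.org H=client.example.org [192.0.2.25] P=esmtpa A=login:alice S=2048
""".splitlines()

# Arrival line: date, time, message id, "<=", envelope sender, then X=value fields.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) <= (?P<sender>\S+)(?P<rest>.*)$")
FIELD = re.compile(r"(?<!\S)([A-Z])=(\S+)")

def index_arrivals(lines):
    """Map message id -> arrival fields (H, U, P, A, R, S ...) plus 'sender'."""
    arrivals = {}
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            info = dict(FIELD.findall(m.group("rest")))
            info["sender"] = m.group("sender")
            arrivals[m.group("id")] = info
    return arrivals

def trace_origin(arrivals, msg_id):
    """Follow R= references from a bounce (sender <>) to the message behind it."""
    chain = [msg_id]
    while arrivals.get(msg_id, {}).get("sender") == "<>" and "R" in arrivals[msg_id]:
        msg_id = arrivals[msg_id]["R"]
        if msg_id in chain:          # guard against a reference loop
            break
        chain.append(msg_id)
    return chain

def describe(info):
    """Summarise how a message entered the server from its arrival fields."""
    if info is None:
        return "arrival line not found in this log"
    if "H" in info:                  # H= is only logged for messages received from a host
        auth = f", authenticated via {info['A']}" if "A" in info else ", unauthenticated"
        return f"remote SMTP from {info['H']}{auth}"
    # No H= field: the message was injected by a local process running as U=.
    return f"local submission by user {info.get('U', '?')} (P={info.get('P', '?')})"

if __name__ == "__main__":
    arrivals = index_arrivals(SAMPLE_LOG)
    for mid in trace_origin(arrivals, "1Jb1SX-000Eu2-Ll"):
        print(mid, "->", describe(arrivals.get(mid)))
```
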