My DNS is configured properly.
I've solved the issue for now, by doing an end run around it. I've removed
exim4 and installed Postfix.
I'd still like to know what caused the issue. I first suspected a break-in,
and can't rule it out, but have confirmed cdorked is not running on the
server, and I wasn't really in the "at risk" group anyway (no cpanel).
Still the only logical answer is a backdoor attack, since "I" didn't change
anything to make it break. No updates, no modifications of files in or
close to the date range. The system had been running with a 100% (or nearly
so) uptime for 15 months (last time a HW upgrade was done) and the last
change occurred over a month ago.
DNS issues would have happened right away, or immediately after an
update/change.
Strange it was working, then 10 hours later it was not.
Thanks for responding,
Jack
On Mon, May 13, 2013 at 7:24 AM, Jeremy Harris <jgh@???> wrote:
> On 11/05/2013 06:39, QC wrote:
>
>> 2013-05-08 10:38:35 Received from myid@??? H=localhost (
>> www.myhost.com) [127.0.0.1] P=esmtp S=2462 id=
>> ecf6982263527ad20c5258c9ac102a**fa.squirrel@www.myhost.com<ecf6982263527ad20c5258c9ac102afa.squirrel@www.myhost.com>
>> 2013-05-08 10:41:40 failed to expand helo_data: lookup of
>> "ptr=XXX.XXX.XXX"
>> gave DEFER:
>>
>
> Smells like a DNS issue; can you try with dig or nslookup,
> requesting a reverse-lookup of that IP?
> --
> Cheers,
> Jeremy
>
>
>
> --
> ## List details at https://lists.exim.org/**mailman/listinfo/exim-users<https://lists.exim.org/mailman/listinfo/exim-users>
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
