Re: [exim] Exim server maillog are flood by spam attemps?

Author: Hardy
Date:
To: exim-users
Subject: Re: [exim] Exim server maillog are flood by spam attemps?
On 13.07.2016 06:07, Flan AlFlani wrote:
> My log is flooded with those spam attempts and I wonder if there is an ACL that can stop those attempts.


These are not attempts, but successful misuse of your server as an open
relay! 1st example:

> 2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG load_avgx1000: 40 spam_score: 3.2 message_size: 3497
> 2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP <= faisal.alazemi@??? H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alazemi@??? S=5167 id=0000b8dcc2ec$88e3d824$09deabe2$@??? T="nouvelles" from <faisal.alazemi@???> for siew3748@??? kammari.murali@??? kanopi@??? karenyesujin@??? kerct1969@???
> 2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4ys-0000aK-QP
> 2016-07-09 22:00:34 [2401] 1bM4ys-0000aK-QP => kammari.murali@??? F=<faisal.alazemi@???> P=<faisal.alazemi@???> R=dnslookup T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
> 2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP => siew3748@??? F=<faisal.alazemi@???> P=<faisal.alazemi@???> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
> 2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> kanopi@??? F=<faisal.alazemi@???> P=<faisal.alazemi@???> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
> 2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> karenyesujin@??? F=<faisal.alazemi@???> P=<faisal.alazemi@???> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
> 2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> kerct1969@??? F=<faisal.alazemi@???> P=<faisal.alazemi@???> R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
> 2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP Completed QT=9s


The mail from faisal IS accepted and delivered SUCCESSFULLY to the shown
gmail and yahoo accounts. An open relay is more of a nuisance to those
receivers, as they DO get spammed! You only see it in your logs. You
will have problems as soon as open relay and spam DBs list you as an offender.

> any help would be greatly appreciated


This is a more complex matter. You should start by using your favourite
search engine (UYFSE) to search for terms like "exim open relay" and learn
how to configure exim.
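As an added example (not code from this thread or from Exim itself): a small Python parser for mainlog lines like the ones quoted above. It pairs each `<=` acceptance with its `=>`/`->` deliveries and flags messages that were taken from a remote client and handed on to several foreign recipients, reporting the `A=` field, which Exim logs only when the client authenticated, so the report distinguishes relay without authentication from relay through an authenticated account. The sample lines, the domains and the `mydomain.example` local-domain list are constructed placeholders.

```python
import re
# Exim message ids look like 1bM4ys-0000aK-QP; the [pid] appears only with log_selector +pid
_PRE = r"^\S+ \S+ (?:\[\d+\] )?(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
ACCEPT_RE = re.compile(_PRE + r"<= (?P<sender>\S+) (?P<rest>.*)$")
# '=>' first delivery, '->' further recipients of it; '==' (deferred) and '**' (failed) are not counted
DELIVER_RE = re.compile(_PRE + r"[=-]> (?P<rcpt>\S+)(?: <(?P<addr>[^>]+)>)? ")
HOST_RE = re.compile(r"(?:^| )H=(?P<host>\S+)(?: \([^)]*\))? \[(?P<ip>[^\]]+)\]")
AUTH_RE = re.compile(r" A=(\S+)")   # authenticator:identity, logged only when SMTP AUTH succeeded

def parse_mainlog(lines):
    """Pair each '<=' acceptance with its successful deliveries, keyed by message id."""
    msgs = {}
    for line in lines:
        a = ACCEPT_RE.match(line)
        if a:
            rest = a.group("rest")
            h, auth = HOST_RE.search(rest), AUTH_RE.search(rest)
            msgs[a.group("id")] = {
                "sender": a.group("sender"),
                "host": h.group("host") if h else "",  # no H= means the message was submitted locally
                "ip": h.group("ip") if h else "",
                "auth": auth.group(1) if auth else "",
                "delivered": [],
            }
            continue
        d = DELIVER_RE.match(line)
        if d and d.group("id") in msgs:   # local deliveries log '=> localpart <address>'
            msgs[d.group("id")]["delivered"].append(d.group("addr") or d.group("rcpt"))
    return msgs

def find_relay_abuse(msgs, local_domains, min_rcpts=3):
    """Flag messages taken from a remote client and handed on to >= min_rcpts foreign addresses."""
    local = {dom.lower() for dom in local_domains}
    hits = []
    for msgid, m in msgs.items():
        foreign = [r for r in m["delivered"] if r.rsplit("@", 1)[-1].lower() not in local]
        if m["host"] and len(foreign) >= min_rcpts:
            hits.append((msgid, m["ip"], m["auth"] or "unauthenticated", len(foreign)))
    return hits

# Constructed sample, modelled on the thread's excerpt with placeholder domains and addresses
SAMPLE = """\
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP <= sender@example.org H=client.example.net (helo.example) [192.0.2.10]:41053 I=[10.0.1.1]:465 P=esmtpsa CV=no A=login:sender@example.org S=5167 T="nouvelles" from <sender@example.org> for a@example.com b@example.com c@example.com
2016-07-09 22:00:34 [2401] 1bM4ys-0000aK-QP => a@example.com F=<sender@example.org> R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]:25 C="250 OK" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> b@example.com F=<sender@example.org> R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]:25 C="250 OK" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP -> c@example.com F=<sender@example.org> R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]:25 C="250 OK" QT=9s DT=7s
2016-07-09 22:05:01 [2510] 1bM52H-0000bX-Aa <= friend@example.com H=mx.example.com [198.51.100.5]:52110 I=[10.0.1.1]:25 P=esmtps CV=no S=2048 T="hello" from <friend@example.com> for user@mydomain.example
2016-07-09 22:05:02 [2511] 1bM52H-0000bX-Aa => user <user@mydomain.example> R=localuser T=local_delivery
"""
```

Run `find_relay_abuse(parse_mainlog(SAMPLE.splitlines()), ["mydomain.example"])` to get the flagged message ids with client IP, authentication identity and foreign-recipient count; feed it your real mainlog and your own local domains.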