Hi,
Could you post your acl's?
Best Regards.
>-------- Оригинално писмо --------
>От: Flan AlFlani solo9300@???
>Относно: Re: [exim] Exim server maillog are flood by spam attemps?
>До: kuncho pencho
>Изпратено на: 13.07.2016 15:52
.abv-omExternalClass P { margin-top: 0; margin-bottom: 0; }
hello kuncho pencho ,
I do use
blacklist but some how the spam seem to come back with
different email and Host
.
2016-07-13 07:41:58 [9900] 1bNJTx-0002Zd-1P => info@??? F= P= R=dnslookup T=remote_smtp S=3925 H=mhmxha.tele.net [194.183.128.88]:25 C="250 2.0.0 u6DCgNFs032212 Message accepted for delivery" QT=17s DT=4s
Sincerely,
From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 9:45 AM
To: exim-users@???
Subject: Re: [exim] Exim server maillog are flood by spam attemps?
Hi,
Do you use any blacklist? If not, make it. Something like that:
https://www.tekovic.com/exim-acl-for-blocking-certain-senders
Best Regards.
>-------- Оригинално писмо --------
>От: Flan AlFlani solo9300@???
>Относно: [exim] Exim server maillog are flood by spam attemps?
>До: "exim-users@???"
>Изпратено на: 13.07.2016 07:07
My log is flooded with those spam attemps and I wonder if there is a ACL can stop those attemps.
maillog (this is just a sample, my log will be over a 1000 line in an hour)
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG
load_avgx1000: 40
spam_score: 3.2
message_size: 3497
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP
faisal.alazemi@???
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alazemi@??? S=5167 id=0000b8dcc2ec$88e3d824$09deabe2$@??? T="nouvelles" from
faisal.alazemi@??? > for
siew3748@???
kammari.murali@???
kanopi@???
karenyesujin@???
kerct1969@???
2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4ys-0000aK-QP
2016-07-09 22:00:34 [2401] 1bM4ys-0000aK-QP =>
kammari.murali@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP =>
siew3748@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP ->
kanopi@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP ->
karenyesujin@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP ->
kerct1969@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP Completed QT=9s
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG
load_avgx1000: 30
spam_score: 1.2
message_size: 3405
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R
faisal.alazemi@???
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alazemi@??? S=5002 id=00007bfddeb3$b987df01$0586e10c$@??? T="c\342\200\231est si excitant" from
faisal.alazemi@??? > for
florencekhaw@???
sweetlin@???
ticiku@???
yhkhor@???
greenven@???
2016-07-09 22:00:41 [2444] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4z2-0000aK-1R
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R =>
florencekhaw@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R ->
ticiku@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:46 [2444] 1bM4z2-0000aK-1R =>
sweetlin@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=mx4.hotmail.com [65.55.37.104]:25 X=UNKNOWN:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=*.hotmail.com" C="250
Queued mail for delivery" QT=6s DT=4s
2016-07-09 22:00:51 [2444] 1bM4z2-0000aK-1R =>
greenven@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=mta5.am0.yahoodns.net [98.138.112.35]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel" QT=11s DT=5s
2016-07-09 22:02:51 [2450] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 22:02:51 [2444] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 22:07:25 [2668] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-09 22:44:09 [3190] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 22:44:09 [3189] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 23:18:58 [5210] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 23:18:58 [5209] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 23:44:40 [5472] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 23:44:40 [5471] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-10 00:30:50 [6963] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-10 00:30:50 [6962] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-10 00:42:08 [7311] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-10 01:25:13 [9147] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R failed to expand "${lookup mysql {SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' UNION SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' UNION SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'}}" while checking a list: lookup of "SELECT domain FROM user WHERE domain='tm.net.my' UNION SELECT domain FROM alias WHERE domain='tm.net.my' UNION SELECT domain FROM catchall WHERE domain='tm.net.my'" gave DEFER: MYSQL connection failed: Can't connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (2 "No such file or directory")
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R ==
yhkhor@???
R=uservacation defer (-1): domains check lookup or other defer
2016-07-10 01:47:23 [9742] 1bM4z2-0000aK-1R ==
yhkhor@???
routing defer (-51): retry time not reached
2016-07-10 01:47:24 [9801] cwd=/home/admin 68 args: exim -Mrm 1bM4z2-0000aK-1R 1bM51q-0000fL-1B 1bM52c-0000fL-AK 1bM52l-0000fL-Mn 1bM52v-0000fL-4U 1bM56n-0000hM-8O 1bM56r-0000hM-UJ 1bM575-0000hM-Hi 1bM5TM-0000li-AB 1bM5TS-0000li-Ra 1bM5Yq-0000mp-Gt 1bM5d4-0000pM-Jt 1bM5l8-0000qH-SC 1bM5lE-0000qH-Oq 1bM5lQ-0000qH-Gy 1bM5lT-0000qH-Kj 1bM5ld-0000qH-FR 1bM5mA-0000se-IN 1bM5mH-0000se-Jy 1bM5mP-0000se-65 1bM68I-0001Eg-Sw 1bM68x-0001Eg-ID 1bM6Xu-0001Pi-OD 1bM6ba-0001QJ-I8 1bM6bk-0001QJ-Om 1bM6bs-0001QJ-AT 1bM6bz-0001QJ-AL 1bM6c4-0001QJ-P4 1bM6cD-0001QJ-1b 1bM6oE-0001Si-IX 1bM6oR-0001Si-23 1bM6oX-0001Si-GL 1bM6yf-0001e4-Mf 1bM6yp-0001e4-TJ 1bM71Z-0001g8-2B 1bM71g-0001g8-Qm 1bM71o-0001g8-6z 1bM71t-0001g8-9L 1bM75g-0001jI-B6 1bM75t-0001jI-7W 1bM75z-0001jI-I3 1bM7Ki-0001pf-6t 1bM7Kv-0001pf-6e 1bM7L8-0001pn-Mk 1bM7dj-0001vg-2a 1bM7e1-0001vg-3w 1bM7e6-0001vg-TP 1bM7hP-0001xz-VL 1bM7kZ-00020e-19 1bM7kf-00020e-AH 1bM7kn-00020e-0G 1bM7ks-00020e-6h 1bM7ky-00020e-8q 1bM7l2-00020e-Or 1bM7l7-00
0
20e-Ay 1bM7lC-00020e-8N 1bM7lI-00020e-6R 1bM7lN-00020e-Eh 1bM7qH-0002Bu-Mm 1bM7qY-0002Bu-IK 1bM8E9-0002OG-0J 1bM8EB-0002OG-HP 1bM8EE-0002OG-0j 1bM8EG-0002OG-GX 1bM8EI-0002OG-W7 1bM8EQ-0002OG-GW
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R removed by root
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R Completed
any help would be greatly appreciated
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
