Hi,
I hope you changed the password on the server. Also try to implement Lena's block cracking:
https://github.com/Exim/exim/wiki/BlockCracking
Best Regards.
>-------- Оригинално писмо --------
>От: Flan AlFlani solo9300@???
>Относно: Re: [exim] Exim server maillog are flood by spam attemps?
>До: kuncho pencho
>Изпратено на: 15.07.2016 05:12
.abv-omExternalClass .EmailQuote { margin-left: 1.0pt; padding-left: 4.0pt; border-left: #800000 2.0px solid; }
.abv-omExternalClass p { margin-top: 0; margin-bottom: 0; }
hi
faisal.alazemi@??? is in one laptop and I change the password and shutdown that laptop and still.
From: Exim-users on behalf of kuncho pencho
Sent: Wednesday, July 13, 2016 1:43:25 PM
To: exim-users@???
Subject: Re: [exim] Exim server maillog are flood by spam attemps?
Hi,
Do you check for compromissed account? Who is
faisal.alazemi@??? ?
Best Regards.
>-------- Оригинално писмо --------
>От: Flan AlFlani solo9300@???
>Относно: Re: [exim] Exim server maillog are flood by spam attemps?
>До: kuncho pencho
>Изпратено на: 13.07.2016 16:20
.abv-omExternalClass .EmailQuote { margin-left: 1.0pt; padding-left: 4.0pt; border-left: #800000 2.0px solid; }
.abv-omExternalClass p { margin-top: 0; margin-bottom: 0; }
hide mysql_servers = localhost/AlDimnaEmailSystem/exim/IChangeThePassword
addresslist
noautoreply_senders = /etc/mail.d/exim.d/conf.d/01-autoreply.noanswer.list
SPAM_FILESIZE_LIMIT = 1M
VIRUS_FILESIZE_LIMIT = 32M
MYSQL_LOG=INSERT INTO `spamlog` ( `ID`, `MessageID`, `SenderIP`, `SenderPort`, `SenderHostname`, `SenderHelo`, `SenderAddress`, `RecipientAddress`, `Username`, `Domain`, `LoadAverage`, `SpamScore`, `MessageSize`, `BodySize`, `MessageLines`, `BodyLines`, `ReceivedHeaders`, `ReceivedProtocol`, `Cipher`, `Authenticated`, `SenderVerify`, `Age`, `TimeStamp`) \
VALUES( '${quote_mysql:$message_exim_id}', \
'${quote_mysql:$header_Message-ID:}', \
'${quote_mysql:$sender_host_address}', \
'${quote_mysql:$sender_host_port}', \
'${quote_mysql:$sender_host_name}', \
'${quote_mysql:$sender_helo_name}', \
'${quote_mysql:$sender_address}', \
CONCAT('${quote_mysql:$original_local_part}','@','${quote_mysql:$original_domain}'), \
'${quote_mysql:$local_part}', '${quote_mysql:$domain}', \
'${quote_mysql:$load_average}/1000', \
'${quote_mysql:$header_X-Spam-Score:}', \
'${quote_mysql:$message_size}', \
'${quote_mysql:$message_body_size}', \
'${quote_mysql:$message_linecount}', \
'${quote_mysql:$body_linecount}', \
'${quote_mysql:$received_count}', \
'${quote_mysql:$received_protocol}', \
'${quote_mysql:$tls_cipher}', \
'${quote_mysql:$authenticated_id}', \
'${quote_mysql:$header_X-Sender-Verify:}', \
'${quote_mysql:$message_age}', \
NOW() )
CHECK_MAIL_HELO_ISSUED = 1
primary_hostname = smtp.aldimna.com
smtp_active_hostname = ${if eq{$interface_address}{46.102.240.223}\
{aldimna.com}{smtp.aldimna.com}}
domainlist local_domains = ${lookup mysql {\
SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' \
UNION \
SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' \
UNION \
SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'\
}}
domainlist
relay_to_domains =
hostlist
relay_from_hosts =
hostlist spf_white_hosts = \
aldimna.com : \
smtp.aldimna.com
domainlist blocked_domains = lsearch;/etc/mail.d/exim.d/conf.d/disabled-domains.list
percent_hack_domains = *
acl_smtp_rcpt
= acl_check_rcpt
acl_smtp_helo
= acl_check_helo
acl_smtp_mail
= acl_check_mail
acl_smtp_mime
= acl_check_mime
acl_smtp_data
= acl_check_content
av_scanner = clamd:/var/lib/clamav/clamd.sock
spamd_address = /var/run/spamassassin/spamd.sock
tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/AlDimna-smtp-Certificate.pem
tls_privatekey = /etc/ssl/certs/AlDimna-smtp-Certificate.pem
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
qualify_domain = aldimna.com
never_users = root
host_lookup
= !10.0.1.0/24 : *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
dsn_from = AlDimna Mail Delivery System
smtp_enforce_sync = false
untrusted_set_sender = *
local_sender_retain = true
local_from_check = false
timezone = EST
log_selector = +address_rewrite \
+all_parents \
+arguments \
+connection_reject \
+delay_delivery \
+delivery_size \
+dnslist_defer \
+incoming_interface \
+incoming_port \
+lost_incoming_connection \
+queue_run +received_sender \
+received_recipients \
+retry_defer \
+sender_on_delivery \
+size_reject \
+skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_protocol_error \
+smtp_syntax_error \
+subject \
+tls_cipher \
+tls_peerdn \
+all
message_size_limit = 500M
begin acl
acl_check_helo:
deny
message
= HELO/EHLO with AlDimna ip address.
1- You are not me.
log_message
= HELO/EHLO with AlDimna ip address deny
condition
= ${if match {$sender_helo_name}{46.102.240.223} {yes}{no}}
deny
message
= HELO/EHLO with AlDimna domain name.
2- You are not me.
log_message
= HELO/EHLO AlDimna domain deny
condition
= ${if match {$sender_helo_name}{smtp.aldimna.com} {yes}{no}}
deny
message
= Fine, then the mail I accept is also none
log_message
= HELO/EHLO none deny
condition
= ${if match {$sender_helo_name}{none} {yes}{no}}
deny
message
= You are hardly local, fool
log_message
= HELO/EHLO localhost deny
condition
= ${if match {$sender_helo_name}{localhost} {yes}{no}}
deny
message
= Invalid HELO.
You must be spam or a virus, or your system administrator is an idiot.
!hosts
= +relay_from_hosts
log_message
= HELO/EHLO Invalid deny
condition
= ${if match{$sender_helo_name}{\\.}{no}{yes}}
accept
acl_check_mail:
deny
message
= \nIf you see this message then you no longer have an account with us.\nPlease if you require a backup for you account email us at admin@???.\n
log_message
= from blocked senders list
senders
= /etc/mail.d/exim.d/conf.d/disabled-senders.list
deny
message
= You're from Mailinator, go away
log_message
= Mailinator mail
senders
= *@mailinator.com
deny
message
= You are a major spammer, go away
log_message
= Pookmail mail
senders
= *@pookmail.com
deny
message
= You are a major spammer, go away
log_message
= Russian sex spam
senders
= *@mail.ru
deny
message
= \nIf you see this message then you no longer have an account with us.\nPlease if you require a backup for you account email us at admin@???.\n
log_message
= from blocked emails list
senders
= /etc/mail.d/exim.d/conf.d/disabled-emails.list
accept
acl_check_rcpt:
accept
hosts
= :
deny
message
= Sender claims to have a local address, but is neither authenticated nor relayed (try using SMTP-AUTH!)
log_message
= Forged Sender address (claims to be local user [${sender_address}], but isn't authenticated)
!hosts
= +relay_from_hosts
!authenticated
= *
condition
= ${if match_domain{$sender_address_domain}{+local_domains}}
warn
message
= You cannot be localhost.localdomain in the internet
log_message
= HELO is faked as localhost.localdomain
condition
= ${if match{$sender_helo_name}{\Nlocalhost\.localdomain\N}}
warn
message
= X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3)
log_message
= HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3)
condition
= ${if isip{$sender_helo_name}}
warn
message
= X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
log_message
= HELO ($sender_helo_name) is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
condition
= ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition
= ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
warn
message
= X-Invalid-HELO: HELO is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
log_message
= HELO ($sender_helo_name) is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
condition
= ${if match{$sender_helo_name}{\N\.$\N}}
warn
message
= X-Invalid-HELO: HELO is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
log_message
= HELO ($sender_helo_name) is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
condition
= ${if match{$sender_helo_name}{\N\.\.\N}}
warn
message
= X-Invalid-HELO: Host impersonating [$primary_hostname]
log_message
= HELO ($sender_helo_name) impersonating [$primary_hostname]
condition
= ${if match{$sender_helo_name}{$primary_hostname}{yes}{no}}
warn
message
= X-Invalid-HELO: $interface_address is _my_ address
log_message
= HELO ($sender_helo_name) uses _my_ address ($interface_address)
condition
= ${if or{{\
eq{[$interface_address]}{$sender_helo_name}\
}{\
eq{$interface_address}{$sender_helo_name}\
}}}
warn
message
= X-Invalid-HELO: no HELO
log_message
= no HELO ($sender_helo_name)
condition
= ${if !def:sender_helo_name}
deny
message
= Restricted characters in address
domains
= +local_domains
local_parts
= ^[.] : ^.*[@%!/|]
deny
message
= Restricted characters in address
domains
= !+local_domains
local_parts
= ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept
local_parts
= postmaster
domains
= +local_domains
accept
local_parts
= info : marketing : sales : support : \
abuse : noc : security : postmaster : \
hostmaster : usenet : news : webmaster : \
www : uucp : ftp
domains
= +local_domains
require
verify
= sender
warn
message
= X-Sender-Verify: FAILED ($sender_verify_failure)
log_message
= Sender ($sender_address) could not be verified using callout: $acl_verify_message ($sender_verify_failure)
!verify
= sender/callout=10s,random
warn
message
= X-Sender-Verify: SUCCEEDED (sender exists & accepts mail)
verify
= sender/callout=10s,random
accept
hosts
= +relay_from_hosts
control
= submission
control
= dkim_disable_verify
accept
authenticated
= *
control
= submission/sender_retain/domain=
require message
= relay not permitted
domains
= +local_domains : +relay_to_domains
require
verify
= recipient
accept
domains
= +local_domains
endpass
verify
= recipient
accept
domains
= +relay_to_domains
endpass
verify
= recipient
accept
hosts
= +relay_from_hosts
accept
authenticated
= *
deny
message
= relay not permitted
accept
hosts
= +relay_from_hosts
accept
authenticated = *
require message = relay not permitted
domains = +local_domains : +relay_to_domains
acl_check_mime:
warn
decode
= default
deny
message
= Blacklisted file extension detected
condition
= ${if match \
{${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$\N} \
{1}{0}}
accept
acl_check_content:
deny
message
= This message contains malware ($malware_name)
malware
= *
warn
message
= X-Spam-Score: $spam_score ($spam_bar)
spam
= nobody:true
warn
message
= X-Spam-Report: $spam_report
spam
= nobody:true
warn
message
= Subject: ****SPAM**** $h_Subject:
spam
= nobody
warn
message
= X-Spam-Flag: YES
spam
= nobody
warn
message
= This message scored $spam_score points. Congratulations!
spam
= nobody:true
condition
= ${if >{$spam_score_int}{50}{1}{0}}
deny
message
= This message scored $spam_score points. Congratulations!
spam
= nobody:true
condition
= ${if >{$spam_score_int}{200}{1}{0}}
warn
condition
= ${if !def:h_Message-ID: {1}}
message
= Message SHOULD have Message-ID: but does not
warn
condition
= ${if !def:h_Date: {1}}
message
= Message SHOULD have Date: but does not
deny
message
= Hiding of file extensions is not allowed!
log_message
= Dangerous extension (CLSID hidden)
regex
= ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
warn
message
= X-Spam-Score: $spam_score\n\
X-Spam-Score-Int: $spam_score_int\n\
X-Spam-Bar: $spam_bar\n\
X-Spam-Report: $spam_report
!authenticated
= *
condition
= ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
spam
= spamassassin:true
defer
message
= Temporary error while spam-scanning. Please try again later.
log_message
= message temporarily rejected, because of spam-scan error (maybe timeout)
!authenticated
= *
condition
= ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
condition
= ${if !def:spam_score}
deny
message
= This message is classified as UBE (SPAM) and therefore rejected. You scored $spam_score points. Congratulations!
!authenticated
= *
condition
= ${if >={$spam_score_int}{${lookup mysql{\
SELECT ((max(spam_threshold)*2+10)*10) AS spam_reject_threshold \
FROM user \
WHERE SMTP_allowed='YES' \
}{$value}{15}}}{true}{false}}
warn
message
= X-Exim-Version: $version_number (build at $compile_date)\n\
X-Date: $tod_log\n\
X-Connected-IP: $sender_host_address:$sender_host_port
warn message
= X-Message-Linecount: $message_linecount\n\
X-Body-Linecount: $body_linecount\n\
X-Message-Size: $message_size\n\
X-Body-Size: $message_body_size
warn
log_message
= DEBUG
load_avgx1000: $load_average
spam_score: $spam_score
message_size: $message_size
accept
begin routers
reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: AlDimna mail server is down - please try sending your message again later.
uservacation:
driver = redirect
domains = +local_domains
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = autoreply_reply
no_verify
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
require_files = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
file = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
senders = !+noautoreply_senders
user = mail
group = mail
unseen
userautoreply:
driver = redirect
domains = +local_domains
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = autoreply_reply
no_verify
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
require_files = /var/mail/${domain}/${local_part}/.autoreply.conf
file = /var/mail/${domain}/${local_part}/.autoreply.conf
user = mail
group = mail
userfilter:
driver = redirect
domains = +local_domains
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = autoreply_reply
no_verify
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
require_files = /var/mail/${domain}/${local_part}/.filter.conf
file = /var/mail/${domain}/${local_part}/.filter.conf
user = mail
group = mail
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
mysql_all_domain_alias:
driver
= redirect
domains
= +local_domains
local_parts
= alle
data
= ${lookup mysql{ \
SELECT CONCAT(username,'@',domain) AS sendto \
FROM user \
WHERE domain='${quote_mysql:$domain}' \
AND SMTP_allowed='YES' \
}}
condition
= ${if or {{\
def:authenticated_id\
}{\
eq {$sender_host_address}{127.0.0.1}\
}}\
}
file_transport = address_file
pipe_transport = address_pipe
mysql_alias:
driver
= redirect
domains
= +local_domains
file_transport
= address_file
pipe_transport
= address_pipe
data
= ${if or {{\
def:authenticated_id\
}{\
eq {$sender_host_address}{127.0.0.1}\
}}{\
${lookup mysql{ \
SELECT sendto \
FROM alias \
WHERE ( username='${quote_mysql:$local_part}' \
AND (domain='${quote_mysql:$domain}' OR domain='') )}}\
} {\
${lookup mysql{ \
SELECT sendto \
FROM alias \
WHERE ( ( username='${quote_mysql:$local_part}' AND (domain='${quote_mysql:$domain}' OR domain='') ) \
AND internal='NO' )}}\
}}
local_part_suffix
= +*
local_part_suffix_optional
mysql_user_condition:
driver
= accept
domains
= +local_domains
caseful_local_part
= true
condition
= ${if and {{\
eq {${lookup mysql{ \
SELECT CONCAT(username,'@',domain) AS email \
FROM user \
WHERE username='${quote_mysql:$local_part}' \
AND domain='${quote_mysql:$domain}' \
AND SMTP_allowed='YES' \
}{true}{false}}}{true}\
}{\
or {{\
and {{\
eq {${sg{$local_part_suffix}{^
}{\
lt {$tod_logfile}{${sg{$local_part_suffix}{^
}\
}\
}{\
and {{\
eq {${sg{$local_part_suffix}{^
}{\
eq {$sender_address_domain}{${sg{$local_part_suffix}{^
}\
}\
}{\
and {{\
eq {${sg{$local_part_suffix}{^
}{\
eq {${str2b64:$sender_address}}{${sg{$local_part_suffix}{^
}\
}\
}\
}\
}\
}\
}
local_part_suffix
=
transport
= local_mysql_delivery
mysql_user:
driver
= accept
domains
= +local_domains
condition
= ${lookup mysql{ \
SELECT CONCAT(username,'@',domain) AS email \
FROM user \
WHERE username='${quote_mysql:$local_part}' \
AND domain='${quote_mysql:$domain}' \
AND SMTP_allowed='YES' \
}{true}{false}}
local_part_suffix
= +*
local_part_suffix_optional
transport
= local_mysql_delivery
no_more
mysql_catchall:
driver
= redirect
domains
= +local_domains
file_transport
= address_file
pipe_transport
= address_pipe
data
= ${lookup mysql{ \
SELECT sendto \
FROM catchall \
WHERE domain='${quote_mysql:$domain}' \
}}
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/mail.d/exim.d/aliases}}
file_transport = address_file
pipe_transport = address_pipe
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
uservacation:
driver = redirect
domains = +local_domains
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = autoreply_reply
no_verify
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
require_files = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
file = /var/mail/${domain}/${local_part}/.autoreply.vacation.conf
senders = !+noautoreply_senders
user = mail
group = mail
unseen
userautoreply:
driver = redirect
domains = +local_domains
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = autoreply_reply
no_verify
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
require_files = /var/mail/${domain}/${local_part}/.autoreply.conf
file = /var/mail/${domain}/${local_part}/.autoreply.conf
user = mail
group = mail
userfilter:
driver = redirect
domains = +local_domains
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = autoreply_reply
no_verify
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
require_files = /var/mail/${domain}/${local_part}/.filter.conf
file = /var/mail/${domain}/${local_part}/.filter.conf
user = mail
group = mail
begin retry
*
*
F,15m,5m; F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
plain:
driver
= plaintext
public_name
= PLAIN
server_advertise_condition
= ${if eq{$tls_cipher}{}{no}{yes}}
server_condition
= ${if crypteq {$3}{\{sha1\}${lookup mysql{ \
SELECT password \
FROM user \
WHERE CONCAT(username,'@',domain)='${quote_mysql:$2}' \
AND SMTPAUTH_allowed='YES' \
}}}{yes}{no}}
server_set_id
= $2
login:
driver
= "plaintext"
public_name
= "LOGIN"
server_prompts
= Username:: : Password::
server_advertise_condition
= ${if eq{$tls_cipher}{}{no}{yes}}
server_condition
= ${if crypteq {$2}{\{sha1\}${lookup mysql{ \
SELECT password \
FROM user \
WHERE CONCAT(username,'@',domain)='${quote_mysql:$1}' \
AND SMTPAUTH_allowed='YES' \
}}}{yes}{no}}
server_set_id
= $1
From:
Exim-users
on behalf of kuncho pencho
Sent:
Wednesday, July 13, 2016 1:05:07 PM
To:
exim-users@???
Subject:
Re: [exim] Exim server maillog are flood by spam attemps?
Hi,
Could you post your acl's?
Best Regards.
>-------- Оригинално писмо --------
>От: Flan AlFlani solo9300@???
>Относно: Re: [exim] Exim server maillog are flood by spam attemps?
>До: kuncho pencho
>Изпратено на: 13.07.2016 15:52
.abv-omExternalClass P { margin-top: 0; margin-bottom: 0; }
hello kuncho pencho ,
I do use
blacklist but some how the spam seem to come back with
different email and Host
.
2016-07-13 07:41:58 [9900] 1bNJTx-0002Zd-1P => info@??? F=
P=
R=dnslookup T=remote_smtp S=3925 H=mhmxha.tele.net [194.183.128.88]:25 C="250 2.0.0 u6DCgNFs032212 Message accepted for delivery" QT=17s DT=4s
Sincerely,
From:
Exim-users
on behalf of kuncho pencho
Sent:
Wednesday, July 13, 2016 9:45 AM
To:
exim-users@???
Subject:
Re: [exim] Exim server maillog are flood by spam attemps?
Hi,
Do you use any blacklist? If not, make it. Something like that:
https://www.tekovic.com/exim-acl-for-blocking-certain-senders
Best Regards.
>-------- Оригинално писмо --------
>От: Flan AlFlani solo9300@???
>Относно: [exim] Exim server maillog are flood by spam attemps?
>До: "exim-users@???"
>Изпратено на: 13.07.2016 07:07
My log is flooded with those spam attemps and I wonder if there is a ACL can stop those attemps.
maillog (this is just a sample, my log will be over a 1000 line in an hour)
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG
load_avgx1000: 40
spam_score: 3.2
message_size: 3497
2016-07-09 22:00:32 [2252] 1bM4ys-0000aK-QP
faisal.alazemi@???
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alazemi@??? S=5167 id=0000b8dcc2ec$88e3d824$09deabe2$@??? T="nouvelles" from
faisal.alazemi@??? > for
siew3748@???
kammari.murali@???
kanopi@???
karenyesujin@???
kerct1969@???
2016-07-09 22:00:32 [2401] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4ys-0000aK-QP
2016-07-09 22:00:34 [2401] 1bM4ys-0000aK-QP =>
kammari.murali@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119641 qt8si326075wjc.22 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP =>
siew3748@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP ->
kanopi@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP ->
karenyesujin@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP ->
kerct1969@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4156 H=mta5.am0.yahoodns.net [98.138.112.33]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel 4/0" QT=9s DT=7s
2016-07-09 22:00:39 [2401] 1bM4ys-0000aK-QP Completed QT=9s
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 Warning: DEBUG
load_avgx1000: 30
spam_score: 1.2
message_size: 3405
2016-07-09 22:00:41 [2252] 1bM4z2-0000aK-1R
faisal.alazemi@???
H=192-159-50-175.oolw.qwirelessbb.net (avovj.com) [192.159.50.175]:41053 I=[10.0.1.1]:465 P=esmtpsa X=UNKNOWN:AES256-GCM-SHA384:256 CV=no A=login:faisal.alazemi@??? S=5002 id=00007bfddeb3$b987df01$0586e10c$@??? T="c\342\200\231est si excitant" from
faisal.alazemi@??? > for
florencekhaw@???
sweetlin@???
ticiku@???
yhkhor@???
greenven@???
2016-07-09 22:00:41 [2444] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bM4z2-0000aK-1R
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R =>
florencekhaw@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:44 [2444] 1bM4z2-0000aK-1R ->
ticiku@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=gmail-smtp-in.l.google.com [74.125.136.27]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1468119651 y142si5687414wme.31 - gsmtp" QT=4s DT=2s
2016-07-09 22:00:46 [2444] 1bM4z2-0000aK-1R =>
sweetlin@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=mx4.hotmail.com [65.55.37.104]:25 X=UNKNOWN:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=*.hotmail.com" C="250
Queued mail for delivery" QT=6s DT=4s
2016-07-09 22:00:51 [2444] 1bM4z2-0000aK-1R =>
greenven@???
F= faisal.alazemi@??? > P= faisal.alazemi@??? > R=dnslookup T=remote_smtp S=4060 H=mta5.am0.yahoodns.net [98.138.112.35]:25 X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*.am0.yahoodns.net" C="250 ok dirdel" QT=11s DT=5s
2016-07-09 22:02:51 [2450] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 22:02:51 [2444] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 22:07:25 [2668] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-09 22:44:09 [3190] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 22:44:09 [3189] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 23:18:58 [5210] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 23:18:58 [5209] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-09 23:44:40 [5472] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-09 23:44:40 [5471] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-10 00:30:50 [6963] 1bM4z2-0000aK-1R mailrelay.tab.com.my [202.188.95.55]:25 Connection timed out
2016-07-10 00:30:50 [6962] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (110): Connection timed out
2016-07-10 00:42:08 [7311] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-10 01:25:13 [9147] 1bM4z2-0000aK-1R ==
yhkhor@???
R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R failed to expand "${lookup mysql {SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' UNION SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' UNION SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'}}" while checking a list: lookup of "SELECT domain FROM user WHERE domain='tm.net.my' UNION SELECT domain FROM alias WHERE domain='tm.net.my' UNION SELECT domain FROM catchall WHERE domain='tm.net.my'" gave DEFER: MYSQL connection failed: Can't connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (2 "No such file or directory")
2016-07-10 01:47:06 [9578] 1bM4z2-0000aK-1R ==
yhkhor@???
R=uservacation defer (-1): domains check lookup or other defer
2016-07-10 01:47:23 [9742] 1bM4z2-0000aK-1R ==
yhkhor@???
routing defer (-51): retry time not reached
2016-07-10 01:47:24 [9801] cwd=/home/admin 68 args: exim -Mrm 1bM4z2-0000aK-1R 1bM51q-0000fL-1B 1bM52c-0000fL-AK 1bM52l-0000fL-Mn 1bM52v-0000fL-4U 1bM56n-0000hM-8O 1bM56r-0000hM-UJ 1bM575-0000hM-Hi 1bM5TM-0000li-AB 1bM5TS-0000li-Ra 1bM5Yq-0000mp-Gt 1bM5d4-0000pM-Jt 1bM5l8-0000qH-SC 1bM5lE-0000qH-Oq 1bM5lQ-0000qH-Gy 1bM5lT-0000qH-Kj 1bM5ld-0000qH-FR 1bM5mA-0000se-IN 1bM5mH-0000se-Jy 1bM5mP-0000se-65 1bM68I-0001Eg-Sw 1bM68x-0001Eg-ID 1bM6Xu-0001Pi-OD 1bM6ba-0001QJ-I8 1bM6bk-0001QJ-Om 1bM6bs-0001QJ-AT 1bM6bz-0001QJ-AL 1bM6c4-0001QJ-P4 1bM6cD-0001QJ-1b 1bM6oE-0001Si-IX 1bM6oR-0001Si-23 1bM6oX-0001Si-GL 1bM6yf-0001e4-Mf 1bM6yp-0001e4-TJ 1bM71Z-0001g8-2B 1bM71g-0001g8-Qm 1bM71o-0001g8-6z 1bM71t-0001g8-9L 1bM75g-0001jI-B6 1bM75t-0001jI-7W 1bM75z-0001jI-I3 1bM7Ki-0001pf-6t 1bM7Kv-0001pf-6e 1bM7L8-0001pn-Mk 1bM7dj-0001vg-2a 1bM7e1-0001vg-3w 1bM7e6-0001vg-TP 1bM7hP-0001xz-VL 1bM7kZ-00020e-19 1bM7kf-00020e-AH 1bM7kn-00020e-0G 1bM7ks-00020e-6h 1bM7ky-00020e-8q 1bM7l2-00020e-Or 1bM7l7-00
0
20e-Ay 1bM7lC-00020e-8N 1bM7lI-00020e-6R 1bM7lN-00020e-Eh 1bM7qH-0002Bu-Mm 1bM7qY-0002Bu-IK 1bM8E9-0002OG-0J 1bM8EB-0002OG-HP 1bM8EE-0002OG-0j 1bM8EG-0002OG-GX 1bM8EI-0002OG-W7 1bM8EQ-0002OG-GW
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R removed by root
2016-07-10 01:47:24 [9801] 1bM4z2-0000aK-1R Completed
any help would be greatly appreciated
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
