[exim-dev] [Bug 2250] Peculiarity with SMTP delivery in Exim…

Top Page
This message is part of the following thread:
M++++++++++++++++++\the complete thread tree sorted by date
MMMMMMMMMMMMMMMMMMMMadmin at <-
.......M..Madmin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2250] Peculiarity with SMTP delivery in Exim 4.90.1
https://bugs.exim.org/show_bug.cgi?id=2250

--- Comment #6 from David Carter <dpc22@???> ---
> It's a puzzler.

The fact that I only seem to see these errors for messages from lists.cam.ac.uk
is curious.

Actually, no: If I search my logs for the last 28 days I _do_ find some
examples involving sending systems other than lists.cam.ac.uk. However only a
handful of errors compared to the dozens of errors involving our lists system
each day:

2018-02-15 07:45:42 +0000 SMTP syntax error in "RCPT TO:<XXXXX@?am.ac.uk>"
H=mr011msr.fastwebnet.it [85.18.95.111]:37122 I=[131.111.8.146]:25 NULL
character(s) present (shown as '?')

2018-02-16 16:14:42 +0000 SMTP syntax error in "RCPT TO:?XXXXXXXX@???>"
H=mailgate.admin.cam.ac.uk (acn-sophos1.internal.admin.cam.ac.uk)
[131.111.150.75]:55429 I=[131.111.8.136]:25 NULL character(s) present (shown as
'?')

2018-02-21 12:58:39 +0000 SMTP syntax error in "RCPT TO:<XXXX?XX@???>"
H=webmail-1a.csi.cam.ac.uk [131.111.9.32]:41818 I=[131.111.8.136]:25 NULL
character(s) present (shown as '?')

2018-02-22 13:45:08 +0000 SMTP syntax error in "RCPT TO:<XX?XX@???>"
H=mailgate.admin.cam.ac.uk (megara.internal.admin.cam.ac.uk)
[131.111.150.75]:46705 I=[131.111.8.136]:25 NULL character(s) present (shown as
'?')

2018-03-05 09:44:46 +0000 SMTP syntax error in "RCPT TO:<XXXXX@???.?k>"
H=webmail-1a.csi.cam.ac.uk [131.111.9.32]:37634 I=[131.111.8.136]:25 NULL
character(s) present (shown as '?')

lists.cam.ac.uk will by far the largest source of bulk email on our network.

mailgate.admin.cam.ac.uk is another other obvious source of bulk mailshots.

Occasionally people do insist on using our webmail system to send bulk email,
regardless of what we tell them.

However the examples above do include a single example over the last 28 days of
an external system running into the same problem when it tried to send us
email.

2018-02-15 07:45:42 +0000 SMTP syntax error in "RCPT TO:<XXXXX@?am.ac.uk>"
H=mr011msr.fastwebnet.it [85.18.95.111]:37122 I=[131.111.8.146]:25 NULL
character(s) present (shown as '?')

That specific message appears to have been spam sent to around 5 expired
cam.ac.uk addresses, two existing cam.ac.uk addresses as well as the
XXXXX@?am.ac.uk, where XXXX corresponds to an existing account. Unfortunately
that seems to be a counter example to the whole "only bulk email is affected"
theory, assuming that the spammer hasn't just messed up somehow.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2250] Peculiarity with SMTP delivery in Exim 4.90.1[exim-dev] [Bug 2250] Peculiarity with SMTP delivery in Exim 4.90.1->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)