Re: [exim] SMTP error from remote mail server after pipeline…

Author: Graeme Fowler
Date:  
To: exim users
Subject: Re: [exim] SMTP error from remote mail server after pipelined MAIL
On 25 Sep 2019, at 15:43, necktwi via Exim-users <exim-users@???> wrote:
> How to run recovery? I tried rm -rf /var/spool/exim/db/* and started the exim


That’s one perfectly valid way, although there are others specific to the Berkeley DB tools you have installed (or can install).

However:

> These messages are being flooded every second! How did info@??? pipeline mail to yahoo from my server? I didn't send any mail to any gmail user and how come my exim server is pipelining a request to gmail server every second?


You need to look at your logs in more detail, for the lines containing ‘ <= ’. That’ll show from where the messages are arriving.

It’s almost certainly going to be one of the following in decreasing order of likelihood but increasing seriousness:

1. Compromised account using SMTP Auth
2. Compromised account using webmail
3. Configuration allowing open relay
4. Configuration allowing relay from a box which has been compromised
5. Compromised account running arbitrary code on your box

Graeme
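
The log check described in the message above, as an added example (not part of the original post and not Exim's own tooling): it tallies the ' <= ' arrival lines by how each message entered the server. The sample log lines are constructed, and the category names and their mapping to the five causes listed above are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format; all addresses and IPs are made up.
SAMPLE_LOG = """\
2019-09-25 15:40:01 1iD8Xy-0001Ab-2C <= info@example.org H=(pc) [203.0.113.5] P=esmtpsa A=plain_login:info@example.org S=1821
2019-09-25 15:40:02 1iD8Xz-0001Ac-3D <= info@example.org H=(pc) [203.0.113.5] P=esmtpsa A=plain_login:info@example.org S=1830
2019-09-25 15:40:02 1iD8Xz-0001Ac-3D => someone@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.9]
2019-09-25 15:40:03 1iD8Y0-0001Ae-5F <= www-data@mail.example.org U=www-data P=local S=990
2019-09-25 15:40:04 1iD8Y1-0001Af-6G <= spam@example.com H=(x) [192.0.2.77] P=esmtp S=2048
2019-09-25 15:40:05 1iD8Y2-0001Ag-7H <= bob@example.org H=localhost [127.0.0.1] P=esmtp S=700
"""

AUTH = re.compile(r" A=(\S+)")                # authenticator:authenticated-id
USER = re.compile(r" U=(\S+)")                # local login that submitted the message
HOST_IP = re.compile(r" H=.*?\[([^\]]+)\]")   # IP address of the sending host


def classify(line):
    """Return (category, key) for an arrival line, or None for any other line."""
    if " <= " not in line:
        return None
    fields = line.split(" <= ", 1)[1]
    auth, user, ip = AUTH.search(fields), USER.search(fields), HOST_IP.search(fields)
    if auth:                                  # submitted with SMTP AUTH (cause 1)
        return ("smtp-auth", auth.group(1))
    if " P=local" in fields and user:         # generated on the box itself (cause 5)
        return ("local", user.group(1))
    if ip and ip.group(1) in ("127.0.0.1", "::1"):
        return ("loopback-smtp", ip.group(1)) # often webmail or a local script (cause 2 or 5)
    if ip:                                    # relay candidate (3 or 4), or ordinary inbound mail
        return ("remote-unauth", ip.group(1))
    return ("other", "")


def tally(log_text):
    """Count arrival lines per (category, key)."""
    hits = (classify(line) for line in log_text.splitlines())
    return Counter(hit for hit in hits if hit)


if __name__ == "__main__":
    for (category, key), count in tally(SAMPLE_LOG).most_common():
        print(f"{count:6d}  {category:14s} {key}")
```

A single key dominating the tally points at the entry path to investigate first. For remote-unauth entries, compare against the matching delivery lines: mail for your own domains is ordinary inbound traffic, while mail for outside domains is being relayed.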