Author: Cyborg
Date:
To: exim-users
Subject: Re: [exim] Hit with some kind of hidden multiple recipients relay hack?
On 22.02.22 at 19:39, Henry S. Thompson via Exim-users wrote:
> I came back from a few days out of town to find 1000s of frozen queue
> entries and my server blacklisted by gmail. Here's a sample:
>
>
> I don't have open relaying set up, at least I don't think so, and a
> few online checkers agree...
>
> How is this happening/where are the recipients coming from?
>
> More importantly, how do I fix my exim4 configuration to stop this!
>
You need to post more info, i.e. the exim mainlog for this message, and
you need to tell us (besides that it's from China)
who 103.104.169.173 <=> ogcb16c7f19.openstacklocal is: yours or an
external server?
Judging just by the given header, I think you have a big open hole in
your config and should shut it down now.
I.e. open delivery via port 465 or 587, or someone nicked your
credentials for your mailbox.
Don't panic about Google, they will delist your server quickly when it
stops spamming.
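
As an added example (not part of the original thread): one way to tell from the mainlog whether the mail arrived through authenticated submission is to tally arrival (`<=`) lines per authenticated ID and remote IP. The log lines, account names, addresses and threshold below are constructed, and the recipients after `for` assume `log_selector = +received_recipients`.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog format (not taken from the thread).
# Recipients after "for" are logged only with log_selector = +received_recipients.
SAMPLE_LOG = """\
2022-02-22 03:10:01 1nMAAA-0001aa-Aa <= alice@example.org H=(laptop) [192.0.2.10] P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=plain_server:alice S=1834 for bob@example.net
2022-02-22 03:10:05 1nMAAB-0001ab-Bb <= x1@example.com H=(vm1.example) [198.51.100.77] P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=login_server:henry S=5120 for a@example.com b@example.com c@example.com d@example.com
2022-02-22 03:10:06 1nMAAB-0001ab-Bb => a@example.com R=dnslookup T=remote_smtp H=mx.example.com [203.0.113.9]
2022-02-22 03:10:09 1nMAAC-0001ac-Cc <= x2@example.com H=(vm1.example) [198.51.100.77] P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=login_server:henry S=5098 for e@example.com f@example.com g@example.com
2022-02-22 03:11:00 1nMAAD-0001ad-Dd <= carol@example.net H=mail.example.net [203.0.113.5] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 S=2210 for henry@example.org
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) (?P<rest>.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")          # single-letter fields: H= P= A= S= ...
REMOTE_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")  # first bracketed address on the line


def summarize(log_text):
    """Tally accepted messages and recipients per (authenticated id, remote IP)."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0})
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:                                # skip deliveries (=>), errors, etc.
            continue
        head, _, rcpts = m.group("rest").partition(" for ")
        fields = dict(FIELD.findall(head))
        ip = REMOTE_IP.search(head)
        # A=<authenticator>:<id> appears only when the client authenticated
        auth_id = fields.get("A", "").partition(":")[2] or "-"
        key = (auth_id, ip.group(1) if ip else "local")
        stats[key]["messages"] += 1
        stats[key]["recipients"] += len(rcpts.split())
    return dict(stats)


def suspects(stats, max_rcpts=5):
    """Keys whose recipient total exceeds max_rcpts (threshold is an assumed value)."""
    return sorted(k for k, v in stats.items() if v["recipients"] > max_rcpts)


if __name__ == "__main__":
    for auth_id, ip in suspects(summarize(SAMPLE_LOG)):
        print(f"review account {auth_id!r} submitting from {ip}")
```

An account that appears here with an unfamiliar remote IP points to stolen credentials; high volume under `-` (no `A=` field) points to a relay or ACL problem instead.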