Re: [exim] Hit with some kind of hidden multiple recipients …

Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] Hit with some kind of hidden multiple recipients relay hack?
On 22/02/2022 18:39, Henry S. Thompson via Exim-users wrote:
> I came back from a few days out of town to find 1000s of frozen queue
> entries and my server blacklisted by gmail. Here's a sample:
>
>    : mailq | head -20
>     6d  1.3K 1nKNYR-000bDv-0w <test@???> *** frozen ***
>            D 0002arun@???
>            D 0005ace@???
>            D 00076alek@???
>            D 0007sd@???
>            D 000top@???
>            D 001adline@???
>            D 001andrecarter@???
>            D 001mayer@???
>            D 001ndumiso@???
>            D 001ontu@???
>            D 001oricom@???
>            D 002samudra@???
>            D 002xyz@???
>              003garciab1@???
>            D 0069kh@???
>            D 007forme@???
>
> And here's what that item looks like in detail:
>
>    : exim4 -Mvc 1nKNYR-000bDv-0w|head -20
>    Received: from [103.104.169.173] (helo=ogcb16c7f19.openstacklocal)
>            by home.hst.name with esmtp (Exim 4.94.2)
>            (envelope-from <test@???>)
>            id 1nKNYR-000bDv-0w; Wed, 16 Feb 2022 16:53:23 +0000
>    Content-Type: text/plain; charset="utf-8"
>    MIME-Version: 1.0
>    Content-Transfer-Encoding: quoted-printable
>    Content-Description: Mail message body
>    Subject: From The Commissioner Debt Management Service
>    To: Recipients <test@???>
>    From: "Mr. Timothy Gribben" <test@???>
>    Date: Thu, 17 Feb 2022 00:53:15 +0800
>    Reply-To: timothygribs00@???
>
>    ...
>
> I don't have open relaying set up, at least I don't think so, and a
> few online checkers agree...
>
> How is this happening/where are the recipients coming from?


Start with your log. How was 1nKNYR-000bDv-0w submitted?

From the headers:
Is "home.hst.name" your system? (PS: Obfuscation makes it
harder to help). Is [103.104.169.173] on your net?

--
Cheers,
Jeremy
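The two checks the reply above asks for (how mainlog says the message arrived, and whether the HELO host and IP are yours), worked through over a constructed mainlog excerpt as an added example; this is not code from the thread or from Exim. The first log line is built from the Received: header quoted in the post; the remaining log lines, the example.org/example.net domains, `LOCAL_NETS` and every function name are assumptions made for the example.

```python
"""Triage a queued Exim message: locate its arrival ('<=') line in mainlog,
pull out who submitted it and how, and classify the submission path.
Added example for this thread; not code from Exim or from the posters."""
import ipaddress
import re
from typing import Optional

# Constructed mainlog excerpt (not from the original post). The first line
# mirrors the Received: header quoted above; the others are invented to show
# the other paths Exim logs: a delivery (=>), SMTP AUTH (A=), a local
# pipe (U=, no H=), and an unauthenticated host on the LAN.
SAMPLE_MAINLOG = """\
2022-02-16 16:53:23 1nKNYR-000bDv-0w <= test@example.org H=(ogcb16c7f19.openstacklocal) [103.104.169.173] P=esmtp S=1324
2022-02-16 16:53:24 1nKNYR-000bDv-0w => 0002arun@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
2022-02-16 17:01:02 1nKNfs-000bE3-Qx <= alice@example.org H=(phone) [198.51.100.7] P=esmtpsa A=dovecot_login:alice S=2048
2022-02-16 17:05:10 1nKNjy-000bE9-1k <= www-data@example.org U=www-data P=local S=512
2022-02-16 17:09:45 1nKNoN-000bEF-3c <= bob@example.org H=pc12.lan.example.org (pc12) [192.168.1.12] P=esmtp S=900
"""

# Assumed: the address ranges the administrator regards as "their own net".
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("127.0.0.0/8")]

# '<=' marks message arrival; '=>' lines are deliveries and are ignored here.
ARRIVAL_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
# H= is logged as 'rdns (helo) [ip]', as '(helo) [ip]' when there is no
# reverse DNS, or as 'rdns [ip]' when HELO and reverse DNS agree.
HOST_RE = re.compile(r" H=(?P<rdns>[^\s(\[]+)?(?:\s?\((?P<helo>[^)]*)\))?\s?\[(?P<ip>[^\]]+)\]")


def parse_arrival(line: str) -> Optional[dict]:
    """Return the submission facts from one '<=' mainlog line, else None."""
    m = ARRIVAL_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    host = HOST_RE.search(rest)

    def field(key: str) -> Optional[str]:
        f = re.search(rf" {key}=(\S+)", rest)
        return f.group(1) if f else None

    return {
        "id": m.group("id"),
        "sender": m.group("sender"),
        "rdns": host.group("rdns") if host else None,
        "helo": host.group("helo") if host else None,
        "ip": host.group("ip") if host else None,
        "protocol": field("P"),      # esmtp / esmtps / esmtpa / esmtpsa / local
        "auth": field("A"),          # 'authenticator:user', only after SMTP AUTH
        "local_user": field("U"),    # present for locally submitted mail
    }


def find_arrival(log_text: str, msgid: str) -> Optional[dict]:
    """The equivalent of 'grep <msgid> mainlog' restricted to the '<=' line."""
    for line in log_text.splitlines():
        info = parse_arrival(line)
        if info and info["id"] == msgid:
            return info
    return None


def classify(info: dict, local_nets=LOCAL_NETS) -> str:
    """Which relay path accepted the message: the question the reply asks."""
    if info["ip"] is None:
        return "local"               # a process on the box handed it to Exim
    if info["auth"]:
        return "authenticated"       # SMTP AUTH succeeded: stolen credentials
    ip = ipaddress.ip_address(info["ip"])
    if any(ip in net for net in local_nets):
        return "internal-unauth"     # your own net relays without AUTH
    return "external-unauth"         # anyone on the Internet can relay


# Second check from the reply: the Received: header's 'with' token. Exim
# writes esmtpa / esmtpsa only when the session authenticated.
RECEIVED_WITH_RE = re.compile(r"\bwith (?P<proto>[a-z]+)\b")


def received_was_authenticated(received_header: str) -> Optional[bool]:
    m = RECEIVED_WITH_RE.search(received_header)
    return m.group("proto") in ("esmtpa", "esmtpsa") if m else None


if __name__ == "__main__":
    for msgid in ("1nKNYR-000bDv-0w", "1nKNfs-000bE3-Qx",
                  "1nKNjy-000bE9-1k", "1nKNoN-000bEF-3c"):
        info = find_arrival(SAMPLE_MAINLOG, msgid)
        print(msgid, info["ip"], info["helo"], info["auth"], "->", classify(info))
```

On a Debian-style exim4 install the same lookup is `grep 1nKNYR-000bDv-0w /var/log/exim4/mainlog`; the `<=` line carries the submitting host in `H=` and, when SMTP AUTH was used, the authenticator and user in `A=`. The distinction matters for the response: an `A=` entry means a mailbox password was stolen, which the online open-relay checkers mentioned in the post would never detect, while an unauthenticated `<=` from an outside address means the server really is relaying for anyone. The sample header in the post says `with esmtp`, not `esmtpa`, so the quoted message was not submitted with credentials.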