Exim problem

Alan Cohen alan-QVObF66B6qeOg/Yh5kgvkFaTQe2KTcn/ at public.gmane.org
Thu Dec 11 04:45:14 UTC 2003 

Hello all

I'm having a heck of a problem. My system supposedly does not allow
unauthorized relaying, yet Exim V4 is apparently sending out hundreds
and hundreds of messages (to persons-YDxpq3io04c at public.gmane.org).

- It would seem they are "from" apache-WYle8UNbkfMGClDRh0WFwpAGcjtitEbrAL8bYrjMMd8 at public.gmane.org
- Their source is P=local (not smtp) Somehow, these messages are
  originating from my system. (not relayed from somewhere else)

- Local user p911-alan is the first recipient. His message shows that
  there is one (and only one) additional "To" who is a non-existent
  person-PyrWk/hl1m8sac7YOPP9X1aTQe2KTcn/@public.gmane.org
- /var/log/exim/main.log shows a heck of a lot of other people are being
  sent that same message

Does anyone have any suggestions?
I'd sure like to know how this guy is doing it...


exigrep extract re: 2003-12-10 22:05:56 1AUH9I-0000Eb-Qr

<= apache-WYle8UNbkfMGClDRh0WFwpAGcjtitEbrAL8bYrjMMd8 at public.gmane.org U=apache P=local S=3387 T="Adobe Photoshop"

lowest numbered MX record points to local host: www.perimeter911.com

== cristi898-PyrWk/hl1m8sac7YOPP9X1aTQe2KTcn/@public.gmane.org R=lookuphost defer (-1):
   lowest numbered MX record points to local host

=> p911-alan <answers-I2tnHk3vA3RB9i3/4EaAEw at public.gmane.org> R=local_director T=maildir_delivery

Remote host mailin-02.mx.aol.com [205.188.159.57] closed connection in
   response to end of data

=> mawwwwwwww-YDxpq3io04c at public.gmane.org R=lookuphost T=remote_smtp H=mailin-02.mx.aol.com [205.188.159.57]
-> gwbw2-YDxpq3io04c at public.gmane.org      R=lookuphost T=remote_smtp H=mailin-02.mx.aol.com [205.188.159.57]
-> ..and hundreds of more recipient-5uyhOP+zmq2tXF2fZOsJYA at public.gmane.org


-- 
-------------------------------------- Please do not respond in HTML
Alan Cohen alan-QVObF66B6qeOg/Yh5kgvkFaTQe2KTcn/@public.gmane.org
voice: 416-783-9826
fax:   240-269-7457

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list