Today I got a notification:
Code:
A new message or response with subject:
Warning: 1500 emails have just been sent by mydomain
I looked at the file /var/log/exim/mainlog and found it full of these reports (note that I replaced the real domain name with mydomain.com for security):
Code:
2015-05-14 16:00:44 H=(mail.mydomain.com) [64.128.31.23] sender verify fail for <[email protected]>: Unrouteable address
2015-05-14 16:00:44 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 failed to expand condition "${if and{{bool_lax{NULL}}{bool_lax{${perl{check_limits}}}}}}" for lookuphost router: You (mydomain) have reached your daily email limit of 1500 emails
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] sender verify fail for <[email protected]>: Unrouteable address
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:51 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:51 failed to expand condition "${if and{{bool_lax{NULL}}{bool_lax{${perl{check_limits}}}}}}" for lookuphost router: You (mydomain) have reached your daily email limit of 1500 emails
I tried suspending the customer's account to rule out a compromised email address or some script on their site, but the messages in the log continue to go out. I contacted them and they told me that the other day one of their PCs was infected by a virus. I am a bit worried because I do not know exactly what is going on, whether it is dangerous, or what I can do. Can someone help me understand and possibly suggest something?
Thanks in advance and sorry for my English
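A triage sketch for a mainlog like the one quoted above, added here as an example and not part of the original post: it groups `rejected RCPT` lines by connecting host, lists the envelope senders each host used, and counts the daily-limit messages per account. The sample lines, their addresses and the IP are constructed placeholders in the same format, and the function and pattern names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the mainlog lines in the post
# (addresses and IP are placeholders, not values from the post).
SAMPLE = """\
2015-05-14 16:00:44 H=(mail.mydomain.com) [192.0.2.10] sender verify fail for <a1@example.com>: Unrouteable address
2015-05-14 16:00:44 H=(mail.mydomain.com) [192.0.2.10] F=<a1@example.com> rejected RCPT <x@example.net>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [192.0.2.10] F=<b2@example.com> rejected RCPT <y@example.org>: Sender verify failed
2015-05-14 16:00:45 failed to expand condition "${if and{{bool_lax{NULL}}{bool_lax{${perl{check_limits}}}}}}" for lookuphost router: You (mydomain) have reached your daily email limit of 1500 emails
""".splitlines()

# H=(name) [ip]: the name in parentheses is what the client gave in HELO/EHLO;
# the bracketed address is the actual peer that connected.
HOST = re.compile(r"H=(?:[^\s(]+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]")
# F=<envelope sender> rejected RCPT <recipient>: the recipient was refused at SMTP time.
REJECT = re.compile(r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$")
# Message produced by the check_limits condition shown in the log.
LIMIT = re.compile(r"You \((?P<account>[^)]+)\) have reached your daily email limit of (?P<limit>\d+) emails")


def summarize(lines):
    """Return rejection counts per (HELO, IP), senders per IP, limit hits per account."""
    rejected = Counter()
    senders = {}
    limit_hits = Counter()
    for line in lines:
        lim = LIMIT.search(line)
        if lim:
            limit_hits[lim["account"]] += 1
            continue
        host, rej = HOST.search(line), REJECT.search(line)
        if host and rej:
            rejected[(host["helo"], host["ip"])] += 1
            senders.setdefault(host["ip"], set()).add(rej["sender"])
    return {
        "rejected_by_host": dict(rejected),
        "senders_by_ip": {ip: sorted(s) for ip, s in senders.items()},
        "limit_hits": dict(limit_hits),
    }


if __name__ == "__main__":
    for section, data in summarize(SAMPLE).items():
        print(section, data)
```

Run over the real file, the per-IP view shows whether the rejected attempts come from one peer or many, and whether that peer is an address you recognise.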