Need some advice guys, getting this in the exim main log every 5 minutes.
The mailserver in question is one of our customers, however the logs appear on our own mailserver. The customer is a spammer and we'll terminate once we find out what is going on here.
My guess is some script is on our server and he's trying to forward mail from his server to our mailserver? Or, he's directly using our mailserver but it fails? I'm a bit confused here and have never seen anything like this.
xxx.xxx.xxx is the customer's IP.
Disabling port 25 and blocking the IP stops the log entries. I did a search on our mailserver and there is nothing listening on port 25 when the log entry pops up every 5 minutes, and no suspicious process starting either. What are we dealing with here?
2019-03-15 00:05:01 no host name found for IP address xxx.xxx.xxx.xxx
2019-03-15 00:05:01 ReverseDNS: No reverse DNS for mailserver at xxx.xxx.xxx.xxx, +100 Spam score
2019-03-15 00:05:01 H=(xxx.xxx.xxx) [xxx.xxx.xxx] sender verify fail for <[email protected]>: Unrouteable address
2019-03-15 00:05:01 H=(xxx.xxx.xxx) [xxx.xxx.xxx] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2019-03-15 00:05:01 H=(xxx.xxx.xxx.com) [xxx.xxx.xxx] incomplete transaction (connection lost) from <[email protected]>
2019-03-15 00:05:01 unexpected disconnection while reading SMTP command from (xxx.xxx.xxx.xxx) [xxx.xxx.xxx] D=0s
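An added example, not part of the original post: a Python triage script for log lines in this shape. It extracts the rejected-RCPT entries from an Exim main log, groups them by the connecting client IP shown in H=(helo) [ip], and reports whether they recur on a fixed interval; the sample lines, addresses and the 5-second tolerance are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample shaped like the Exim main-log lines above. The hosts and
# the 192.0.2.10 / 198.51.100.7 documentation addresses are not from the post.
SAMPLE_LOG = """\
2019-03-15 00:05:01 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <b@example.org>: Sender verify failed
2019-03-15 00:05:01 H=(mail.example.net) [192.0.2.10] incomplete transaction (connection lost) from <a@example.net>
2019-03-15 00:10:01 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <b@example.org>: Sender verify failed
2019-03-15 00:15:02 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <b@example.org>: Sender verify failed
2019-03-15 00:07:44 H=(other.example.com) [198.51.100.7] F=<x@example.com> rejected RCPT <y@example.org>: Sender verify failed
"""

# H=(helo) [ip] names the remote client of an inbound SMTP connection.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\] "
    r"(?:F=<(?P<sender>[^>]*)> )?rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.+)$"
)

def parse_rejections(log_text):
    """Yield one dict per 'rejected RCPT' line; other lines are skipped."""
    for line in log_text.splitlines():
        m = REJECT_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S")
            yield event

def summarize(log_text, tolerance=5):
    """Group rejections by client IP and flag a near-constant retry interval.
    tolerance (seconds) is an assumed allowance for scheduler jitter."""
    by_ip = defaultdict(list)
    for event in parse_rejections(log_text):
        by_ip[event["ip"]].append(event)
    report = {}
    for ip, events in by_ip.items():
        times = sorted({e["ts"] for e in events})
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[ip] = {
            "count": len(events),
            "helos": {e["helo"] for e in events},
            "reasons": {e["reason"] for e in events},
            "gaps": gaps,
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance,
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["count"], info["gaps"], "periodic" if info["periodic"] else "irregular")
```

A client IP flagged as periodic points to a scheduled job on the remote host retrying delivery, which is something to check on the sending side rather than on the receiving server.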