empowering
Verified User
Hi, I got a complaint about backscatter spam from our exim config using a stock exim 2.1.1 that bounced from our mail server but appears it was not at the SMTP level. It sent to the "From" and not rejected at the smtp level. Here is the log output:
The [email protected] is not a valid email address. It appears exim accepted the email and then closed the connection from the spammer and then created a new email and sent the backscatter out.
This should not be happening
Code:
2008-11-25 02:17:11 1L4sAZ-0007AJ-Al <= [email protected] H=2-0-124-91.pool.ukrtel.net (microsof-4aa06c) [91.124.0.2] P=smtp S=4558 id=20081125121651.3479.qmail@microsof-4aa06c T="Best Sales 2008!" from <[email protected]> for [email protected]
2008-11-25 02:17:12 1L4sAZ-0007AJ-Al ** [email protected] F=<[email protected]> R=virtual_aliases:
2008-11-25 02:17:12 1L4sAa-0007AN-0V <= <> R=1L4sAZ-0007AJ-Al U=mail P=local S=5371 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2008-11-25 02:17:12 1L4sAZ-0007AJ-Al Completed
The [email protected] is not a valid email address. It appears exim accepted the email and then closed the connection from the spammer and then created a new email and sent the backscatter out.
Code:
2008-11-25 02:17:12 1L4sAa-0007AN-0V <= <> R=1L4sAZ-0007AJ-Al U=mail P=local S=5371 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2008-11-25 02:17:17 1L4sAa-0007AN-0V => [email protected] F=<> R=lookuphost T=remote_smtp S=5493 H=beer.org.uk [91.84.48.107] X=TLSv1:DHE-RSA-AES256-SHA:256 C="250 2.0.0 mAP7HDM2026162 Message accepted for delivery"
2008-11-25 02:17:17 1L4sAa-0007AN-0V Completed
This should not be happening
Last edited: