help ... exim log going nuts

intramanga

HELP ... my exim mainlog is filling up with this stuff at 10Mb a minute!
anybody seen this before:

2006-03-13 23:58:34 1FItOm-0006BJ-BY SMTP error from remote mailer after end of data: host mailin-04.mx.aol.com [64.12.138.152]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:34 1FItOm-0006BJ-BY SMTP error from remote mailer after end of data: host mailin-03.mx.aol.com [205.188.157.217]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:35 1FItOm-0006BJ-BY SMTP error from remote mailer after end of data: host mailin-03.mx.aol.com [64.12.138.120]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:36 1FItOm-0006BJ-BY SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.156.185]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:36 1FItOm-0006BJ-BY SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.158.121]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:36 1FItOm-0006BJ-BY == [email protected] R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.158.121]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:36 1FItRA-0006Dd-KI SMTP error from remote mailer after end of data: host mailin-02.mx.aol.com [64.12.138.185]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:45 1FItRA-0006Dd-KI SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.158.121]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:49 1FItRA-0006Dd-KI SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.156.185]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:58:51 H=c8d2c013.sts.virtua.com.br [200.210.192.19] F=<[email protected]> rejected RCPT <[email protected]>: Email blocked by SPAMCOP - to unblock see http://www.intramanga.net/spamblocking
2006-03-13 23:58:52 H=c8d2c013.sts.virtua.com.br [200.210.192.19] incomplete transaction (QUIT) from <[email protected]>
2006-03-13 23:59:07 1FItRA-0006Dd-KI SMTP error from remote mailer after end of data: host mailin-04.mx.aol.com [64.12.138.152]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:07 1FItRA-0006Dd-KI SMTP error from remote mailer after end of data: host mailin-04.mx.aol.com [205.188.156.249]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:07 1FItRA-0006Dd-KI == [email protected] R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mailin-04.mx.aol.com [205.188.156.249]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:14 1FItS8-0006Ft-Lz SMTP error from remote mailer after end of data: host mailin-04.mx.aol.com [64.12.138.89]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:18 H=a83-132-196-70.cpe.netcabo.pt (gfgfgf.com) [83.132.196.70] F=<[email protected]> rejected RCPT <[email protected]>: Email blocked by SPAMCOP - to unblock see http://www.intramanga.net/spamblocking
2006-03-13 23:59:19 H=a83-132-196-70.cpe.netcabo.pt (gfgfgf.com) [83.132.196.70] incomplete transaction (connection lost) from <[email protected]>
2006-03-13 23:59:19 unexpected disconnection while reading SMTP command from a83-132-196-70.cpe.netcabo.pt (gfgfgf.com) [83.132.196.70]
2006-03-13 23:59:20 1FItS8-0006Ft-Lz SMTP error from remote mailer after end of data: host mailin-04.mx.aol.com [64.12.138.152]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:21 1FItS8-0006Ft-Lz SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.156.185]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:23 1FItS8-0006Ft-Lz SMTP error from remote mailer after end of data: host mailin-01.mx.aol.com [205.188.158.121]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:27 1FItS8-0006Ft-Lz == [email protected] R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mailin-02.mx.aol.com [64.12.138.185]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:27 1FItS8-0006Ft-Lz == [email protected] R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mailin-02.mx.aol.com [64.12.138.185]: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html\n421 SERVICE NOT AVAILABLE
2006-03-13 23:59:27 1FItS8-0006Ft-Lz == [email protected] R=lookuphost T=rem

Thanks,
Ed,

:confused:
 
Most likely something on your server (perhaps a PHP script) is compromised and is being used to send lots of spam to AOL.

So AOL has blocklisted you and is refusing mail from you.

Check the link AOL has helpfully provided for more information on what it looks like from their end.

And check your queues to see outgoing email lined up to be retried. Perhaps you can figure out from the headers which username is sending the email.

Then you'll know where to look for the hacked script.

Next most likely ... someone actually got an account on your server to use to spam AOL members.

Jeff
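One way to carry out the check suggested above (finding which username the deferred mail came from), as an added example that is not part of the original posts. It assumes the mainlog still holds the `<=` arrival lines for the deferred messages, where Exim records `U=` for local submissions and `A=` for authenticated SMTP; the log lines, users and hosts below are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Exim mainlog layout: "<=" arrivals, "==" deferrals.
# Users, addresses and hosts are made up (documentation ranges).
SAMPLE_LOG = """\
2006-03-13 23:50:01 1FItOm-0006BJ-BY <= nobody@host.example U=nobody P=local S=2104
2006-03-13 23:50:02 1FItRA-0006Dd-KI <= nobody@host.example U=nobody P=local S=2098
2006-03-13 23:50:05 1FItS8-0006Ft-Lz <= shop@site.example U=shopuser P=local S=1877
2006-03-13 23:51:10 1FItZZ-0006Gg-Ab <= al@site.example H=(pc) [192.0.2.10] P=esmtpa A=login:al S=3310
2006-03-13 23:58:36 1FItOm-0006BJ-BY == a@rcpt.example R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mx1.rcpt.example [198.51.100.1]: 421-: (DYN:T1)
2006-03-13 23:58:40 1FItOm-0006BJ-BY == b@rcpt.example R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mx1.rcpt.example [198.51.100.1]: 421-: (DYN:T1)
2006-03-13 23:59:07 1FItRA-0006Dd-KI == c@rcpt.example R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mx2.rcpt.example [198.51.100.2]: 421-: (DYN:T1)
2006-03-13 23:59:18 H=spam.example [203.0.113.9] F=<x@spam.example> rejected RCPT <y@site.example>: blocked
2006-03-13 23:59:27 1FItS8-0006Ft-Lz == d@rcpt.example R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mx2.rcpt.example [198.51.100.2]: 421-: (DYN:T1)
2006-03-13 23:59:30 1FItZZ-0006Gg-Ab == e@slow.example R=lookuphost T=remote_smtp defer (110): Connection timed out
2006-03-13 23:59:31 1FIsAA-0005Zz-Qq == f@rcpt.example R=lookuphost T=remote_smtp defer (0): SMTP error from remote mailer after end of data: host mx1.rcpt.example [198.51.100.1]: 421-: (DYN:T1)
"""

# Message IDs shaped like the ones in the post (6-6-2 characters).
LINE = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) (?P<flag><=|==) (?P<rest>.*)$")
FIELD = re.compile(r"(?:^| )([A-Z])=(\S+)")

def submitter(rest):
    """Best identity on a '<=' line: local user, then SMTP auth id, then remote IP."""
    fields = dict(FIELD.findall(rest))
    if "U" in fields:
        return "local user " + fields["U"]
    if "A" in fields:
        return "smtp auth " + fields["A"]
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
    return "remote host " + (ip.group(1) if ip else "unknown")

def deferred_by_submitter(log_text, needle=": 421"):
    """Count '==' deferrals containing `needle`, grouped by who submitted the message."""
    origin, deferrals, totals = {}, Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m["flag"] == "<=":
            origin[m["id"]] = submitter(m["rest"])
        elif m and m["flag"] == "==" and needle in m["rest"]:
            deferrals[m["id"]] += 1
    for msg_id, n in deferrals.items():
        totals[origin.get(msg_id, "unknown (arrival not in this log)")] += n
    return totals

if __name__ == "__main__":
    for who, n in deferred_by_submitter(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {who}")
```

A web-server account such as `nobody` at the top of the tally points at a script; a named user or an SMTP auth id points at an account instead.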
 
jlasman said:
Most likely something on your server (perhaps a PHP script) is compromised and is being used to send lots of spam to AOL.

So AOL has blocklisted you and is refusing mail from you.

Check the link AOL has helpfully provided for more information on what it looks like from their end.

And check your queues to see outgoing email lined up to be retried. Perhaps you can figure out from the headers which username is sending the email.

Then you'll know where to look for the hacked script.

Next most likely ... someone actually got an account on your server to use to spam AOL members.

Jeff

Thanks Jeff... will go look for something like that ....
Ed,
 