Many Unrouteable address and Sender verify failed and

chronic

Verified User
Joined
Dec 14, 2006
Messages
96
Today I got a notification:

Code:
A new message or response with subject:

Warning: 1500 emails have just been sent by mydomain

I looked at the file /var/log/exim/mainlog and found full of these reports (Note that I replaced the real domain name with mydomain.com for security):

Code:
2015-05-14 16:00:44 H=(mail.mydomain.com) [64.128.31.23] sender verify fail for <[email protected]>: Unrouteable address
2015-05-14 16:00:44 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:00:45 failed to expand condition "${if and{{bool_lax{NULL}}{bool_lax{${perl{check_limits}}}}}}" for lookuphost router: You (mydomain) have reached your daily email limit of 1500 emails

2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] sender verify fail for <[email protected]>: Unrouteable address
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:50 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:51 H=(mail.mydomain.com) [64.128.31.23] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-05-14 16:15:51 failed to expand condition "${if and{{bool_lax{NULL}}{bool_lax{${perl{check_limits}}}}}}" for lookuphost router: You (mydomain) have reached your daily email limit of 1500 emails

I tried to suspend the account of the customer to rule out that the problem was any email address compromise or some script on their site, but the messages in the log continue to go out, I tried to feel it and told me that the other day were infected by a virus on one of their pc. I am a bit 'worried because I do not know exactly what's going on and I do not know if it is dangerous, and what I can do. Can someone help me understand and possibly suggest something?

Thanks in advance and sorry for my english
 
What exim.conf version are you using?

Does you have the sender ip somehow in any of the /etc/virtual/whitelist_ files?

Regards
 
My exim.conf version is:

# SpamBlockerTechnology* powered exim.conf, Version 4.2.2
# April 28, 2014 17:54 (-0700)

And i look on /etc/virtual/whitelist_ files and i don't have any ip, are all empty.

Thanks
 
Back
Top