Thread: Ongoing blacklisting issue
08-28-2007, 08:44 AM #1
Ongoing blacklisting issue
For the last month I've had problems with my VPS being blacklisted, and it always seems to be around the same time of day.
Anyway, the VPS is managed, but it's a right pain in the backside getting support to deal with the problem for me and sort it out. I get answers like "It's a PHP script", and when I ask which script they say they can't find out.
After getting advice from people on this forum, I asked support to set up exim so that it recorded the folder of any scripts sending out mail, but when I run grep to show any exim_mainlog entries with cwd= there is very little appearing apart from genuine mails being sent by contact forms on websites.
I managed to get evidence of a mail which caused the server to be blacklisted and sent this to support, who said the mails are being sent via header injection on contact scripts, so I've gone through the contact scripts and changed them, but again, still blacklisted.
I may be wrong here, but surely if someone was doing mail injection then I would be receiving copies of the mail myself as the website mails me with the enquiry, and also surely the exim_mainlog would show the folder containing the script as sending mails...but it doesn't.
I'm completely lost here, somehow mail is being sent from the server, whether it be via a script or what, but I can't (and neither can support) determine the exact script that is sending mail.
Here is a snippet of the exim_mainlog from around the time the evidence mail was sent.
-
08-28-2007, 09:30 AM #2Disabled
Could you show us the headers of some of the messages that are getting you blacklisted?
-
08-28-2007, 09:42 AM #3Junior Guru
I've just checked the mail log and found this as well, can anyone tell anything from it?
I've included a mail header below as well...
Code:
2007-08-28 14:19:55 1IQ0z5-0002dl-2f <= zmhsqmegefceyj@ms56.hinet.net H=(awt.?????.com) [127.0.0.1] P=smtp S=3266 id=HQUCIROWUQCFMYBQXKSZKTZ@msa.hinet.net T="\241i\266W\261j\261\300\274s\241j\267~.\260\310.\246\346.\276P.\303n.\245\372.\244\350.\252k"
2007-08-28 14:19:55 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ0z5-0002dl-2f
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** a196591a@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to a196591a@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** b549599@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to b549599@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** advchem@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to advchem@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** bufflin@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to bufflin@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** a123321@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to a123321@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** a1265591@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to a1265591@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** a7120122@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to a7120122@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** amean@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to amean@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** a8234224@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to a8234224@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** a620516@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to a620516@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** angus@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to angus@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 1IQ0z5-0002dl-2f ** bq5286@tomail.com.tw R=fail_remote_domains: The mail server could not deliver mail to bq5286@tomail.com.tw. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2007-08-28 14:19:56 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1IQ0z5-0002dl-2f
2007-08-28 14:19:56 1IQ0z5-0002dl-2f Completed
Code:
From paul.hsin@msa.hinet.net Sat Aug 25 04:13:34 2007
Delivery-date: Sat, 25 Aug 2007 04:13:34 -0400
Received: from [2002:4a5c:3b41:1:216:3eff:fe57:7f4] (helo=shelob.surriel.com)
    by rohan.surriel.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63)
    (envelope-from ) id 1IOqlx-0003Sj-T7
    for victim@smtp.example; Sat, 25 Aug 2007 04:13:33 -0400
Received: from [??.???.??.?] (helo=awt.?????.com)
    by shelob.surriel.com with smtp (Exim 4.63)
    (envelope-from ) id 1IOqlt-0003Sg-NC
    for victim@smtp.example; Sat, 25 Aug 2007 04:13:31 -0400
Received: from 61.57.210.69 by ??.???.??.?; Wed, 29 Aug 2007 04:10:58 -0400
From: "ÂÇ¥ÑDVDªº±Ð¾Ç¥[²`«Ä¤lªº¦L¶H¡A¨ÃÅý®aªø¥i¥H³*«Ä¤l¤@°_°µ°Û¹C°Ê§@¡A¼W¶i¿Ë¤l¤¬°Ê¡C "
To: victim@smtp.example
Subject: ³Ìªñµo²{¦o³ßÅw°Û°Û¸õ¸õ,§Æ±æ³o¥©ªêªºDVD¯à§l¤Þ¦o¦h¤@ÂIªºª`·N¤O,
Date: Wed, 29 Aug 2007 05:06:58 -0300
MIME-Version: 1.0
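
Added example, not part of the original thread: the arrival line (`<=`) in the mail log above records the message as received from `[127.0.0.1]` with `P=smtp`, and the only `cwd=` entries beside it are exim's own spool directory. The Python below scans mainlog text for arrivals of that kind and counts the recipients exim failed (`**`) for each. The sample lines are constructed in the post's log format with placeholder hosts and ids, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the exim_mainlog lines posted above;
# every host, address and message id here is a placeholder.
SAMPLE_LOG = """\
2007-08-28 14:19:55 1AAAAA-000001-AA <= x@remote.example H=(vps.example) [127.0.0.1] P=smtp S=3266 id=a@remote.example
2007-08-28 14:19:55 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1AAAAA-000001-AA
2007-08-28 14:19:56 1AAAAA-000001-AA ** a@dead.example R=fail_remote_domains: could not deliver
2007-08-28 14:19:56 1AAAAA-000001-AA ** b@dead.example R=fail_remote_domains: could not deliver
2007-08-28 14:20:01 cwd=/home/site1/public_html 4 args: /usr/sbin/sendmail -t -i
2007-08-28 14:20:01 1BBBBB-000002-BB <= site1@vps.example U=site1 P=local S=812 T="re: H=(x) [127.0.0.1] P=smtp"
2007-08-28 14:21:10 1CCCCC-000003-CC <= u@else.example H=mx.else.example [192.0.2.10] P=esmtp S=2044
"""

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(rf"^\S+ \S+ (?P<id>{MSG_ID}) (?P<flag><=|\*\*) (?P<addr>\S+)(?P<rest>.*)$")
# H=name (helo) [ip], H=name [ip] or H=(helo) [ip], as seen in the thread's log.
HOST_IP = re.compile(r" H=(?:\S+ )?(?:\(\S*\) )?\[(?P<ip>[0-9A-Fa-f.:]+)\]")
PROTO = re.compile(r" P=(?P<proto>\S+)")

def is_loopback(text):
    try:
        return ipaddress.ip_address(text).is_loopback
    except ValueError:  # the regex is loose; reject anything that is not an IP
        return False

def loopback_smtp_arrivals(log_text):
    """Messages accepted over SMTP from a loopback address, each with the
    number of recipients exim marked as failed (**)."""
    arrivals, failed = {}, Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # cwd= lines, connection notices, RCPT rejections
        if m["flag"] == "**":
            failed[m["id"]] += 1
            continue
        # id= and T= are sender-controlled text, so trust only the first H= and P=.
        host, proto = HOST_IP.search(m["rest"]), PROTO.search(m["rest"])
        if host and proto and is_loopback(host["ip"]) and "smtp" in proto["proto"]:
            arrivals[m["id"]] = {"sender": m["addr"], "proto": proto["proto"]}
    return [{"id": i, "failed": failed[i], **a} for i, a in arrivals.items()]

if __name__ == "__main__":
    for hit in loopback_smtp_arrivals(SAMPLE_LOG):
        print(hit)
```

The `P=local` line in the sample has a subject that imitates a loopback SMTP arrival; it is not reported because only the first `P=` field on the line is read.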