
Exim Log: Tell me what this is...

Discussion in 'General Discussion' started by bmcpanel, Aug 11, 2004.

  1. bmcpanel

    bmcpanel Well-Known Member

    Hi, I am running cPanel (Current Release) on RH9 with Apache.

    I am using an exim mod that rejects incoming mail to the server based on RBL black list sites.

    I see the following in logs quite often and I am trying to decipher this type of entry. The question is, I am wondering why my server IP # is being listed as "H=". In the below example, my server main ip is listed in parentheses. I have x'd out the main server IP so I can display the log entry here.

    ----------- From /var/log/exim_mainlog ----------
    2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<utjjqbwzi@yahoo.com> rejected RCPT <slopok@parkwaydrivein.com>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
    -------------------------------------------------------

    So, this is telling me that IP #219.94.59.189 is black listed at dsbl.org. I get that. I get that IP 219.94.59.189 is the REAL sender or the origin IP of the incoming email. Right?

    Okay. Why then, is my server IP number listed as "H=(xx.xx.xx.xx)"? Is this email being sent THROUGH my web server from a person at IP # 219.94.59.189? If so, is it likely a formprocessor script, or could it be a mailman mailing list?

    I guess "H" stands for "HELO"?


    I noticed that my server IP is NOT listed as "H=" in every log entry. So, I am guessing that when my IP is listed as "H=", that it means my server is being used as a relay? Maybe through a form?

    -------- My Server IP is not listed as "H=" in every log entry. -----------
    2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<aeldrafox@yahoo.com> rejected RCPT <ritaay@teamcreations.com>: Message rejected because (zipolite.com) [210.205.144.78] is blacklisted at dnsbl.njabl.org see open proxy -
    2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<utjjqbwzi@yahoo.com> rejected RCPT <slopok@parkwaydrivein.com>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
    ------------------------------------------------------------------

    Any help from you will be much appreciated. I have searched these forums and others and have not been able to find this specific info.
     
  2. largolam

    largolam Active Member

     
  3. dalem

    dalem Well-Known Member
    Perfectly normal. It is the IP address of the domain that is on your server that's receiving the mail, or in this case rejecting.
     
  4. hostultra

    hostultra Well-Known Member

    DSBL is not a good blacklist; they don't keep up to date.

    Look at those reports of the IPs you listed.
    The reports are from 2003; I doubt they're still sending out spam over a year later.
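
For reading entries like the ones in this thread, here is an added example (not from any poster) that parses Exim RBL rejection lines and separates the parenthesised `H=` value, which is the unverified HELO/EHLO string the connecting client sent, from the bracketed address, which is the actual TCP peer. The sample lines are constructed after the thread's entries; `192.0.2.10` stands in for the masked server IP, and the e-mail addresses, `OWN_IPS`, and the function names are assumptions.

```python
import re
from ipaddress import ip_address

# Exim logs "H=(helo) [peer]": the parenthesised value is the unverified
# HELO/EHLO argument sent by the client; the bracketed one is the TCP peer.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:(?P<host>[^\s(]\S*) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<peer>[^\]]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: "
    r".*?is blacklisted at (?P<dnsbl>\S+)"
)

OWN_IPS = {"192.0.2.10"}  # assumption: placeholder for this server's own IPs

# Constructed sample lines in the format shown in the thread.
SAMPLE = [
    "2004-08-11 09:31:34 H=(192.0.2.10) [219.94.59.189] F=<a@example.com> "
    "rejected RCPT <b@example.org>: Message rejected because (192.0.2.10) "
    "[219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/",
    "2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<c@example.com> "
    "rejected RCPT <d@example.org>: Message rejected because (zipolite.com) "
    "[210.205.144.78] is blacklisted at dnsbl.njabl.org see open proxy -",
]

def parse_reject(line):
    """Return the fields of an RBL rejection line, or None if it does not match."""
    m = REJECT_RE.match(line.strip())
    return m.groupdict() if m else None

def helo_findings(rec, own_ips=OWN_IPS):
    """Flag HELO strings that are IP literals not belonging to the real peer."""
    helo = rec.get("helo")
    if not helo:
        return []
    try:
        helo_ip = ip_address(helo.strip("[]"))
    except ValueError:
        return []  # HELO was a host name, nothing to compare numerically
    if helo_ip == ip_address(rec["peer"]):
        return []  # client announced its own address
    if str(helo_ip) in own_ips:
        return ["helo-claims-our-ip"]  # remote client announced OUR address
    return ["helo-ip-mismatch"]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_reject(line)
        print(rec["peer"], rec["helo"], rec["dnsbl"], helo_findings(rec))
```

A `helo-claims-our-ip` finding on a line whose bracketed peer is a remote address describes an inbound SMTP connection from that peer, not mail submitted through a local script or mailing list.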
     