Exim Log: Tell me what this is...

bmcpanel

Hi, I am running Cpanel (Current Release) on RH9 with Apache.

I am using an exim mod that rejects incoming mail to the server based on RBL black list sites.

I see the following in logs quite often and I am trying to decipher this type of entry. The question is, I am wondering why my server IP # is being listed as "H=". In the below example, my server main ip is listed in parentheses. I have x'd out the main server IP so I can display the log entry here.

----------- From /var/log/exim_mainlog ----------
2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<[email protected]> rejected RCPT <[email protected]>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
-------------------------------------------------------

So, this is telling me that IP #219.94.59.189 is black listed at dsbl.org. I get that. I get that IP 219.94.59.189 is the REAL sender or the origin IP of the incoming email. Right?

Okay. Why then, is my server IP number listed as "H=(xx.xx.xx.xx)"? Is this email being sent THROUGH my web server from a person at IP # 219.94.59.189? If so, is it likely a formprocessor script, or could it be a mailman mailing list?

I guess "H" stands for "HELO"?


I noticed that my server IP is NOT listed as "H=" in every log entry. So, I am guessing that when my IP is listed as "H=", that it means my server is being used as a relay? Maybe through a form?

-------- My Server IP is not listed as "H=" in every log entry. -----------
2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<[email protected]> rejected RCPT <[email protected]>: Message rejected because (zipolite.com) [210.205.144.78] is blacklisted at dnsbl.njabl.org see open proxy -
2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<[email protected]> rejected RCPT <[email protected]>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
------------------------------------------------------------------

Any help from you will be much appreciated. I have searched these forums and others and have not been able to find this specific info.
 

largolam

bmcpanel said:
Hi, I am running Cpanel (Current Release) on RH9 with Apache

I am using an exim mod that rejects incoming mail to the server based on RBL black list sites.

I see the following in logs quite often and I am trying to decipher this type of entry. The question is, I am wondering why my server IP # is being listed as "H=".

H just means the string that the sending host gave as 'HELO'. Some spammers like to use the IP of the host they are sending to. It's meaningless really.
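
The distinction drawn in the reply above, between the HELO string in parentheses and the connecting address in square brackets, can be checked mechanically. This is an added example, not part of any post in this thread: the sample lines are constructed from the entries quoted above, `192.0.2.10` is a placeholder for the server's own IP, and the names `classify` and `SERVER_IPS` are hypothetical.

```python
import ipaddress
import re

# Placeholder (documentation range) for the receiving server's own address.
SERVER_IPS = {"192.0.2.10"}

# Constructed sample lines modelled on the rejections quoted in the thread.
SAMPLE_LOG = """\
2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<a@example.com> rejected RCPT <b@example.net>: Message rejected because (zipolite.com) [210.205.144.78] is blacklisted at dnsbl.njabl.org
2004-08-11 09:31:34 H=(192.0.2.10) [219.94.59.189] F=<c@example.com> rejected RCPT <d@example.net>: Message rejected because (192.0.2.10) [219.94.59.189] is blacklisted at list.dsbl.org
"""

# H=name is a host name Exim verified by DNS (absent in these lines),
# (…) is the unverified HELO/EHLO argument chosen by the client,
# […] is the peer address taken from the TCP connection itself.
LINE_RE = re.compile(
    r"H=(?:(?P<rdns>[^\s(]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<peer>[^\]]+)\]"
)

def classify(line, server_ips=SERVER_IPS):
    """Return HELO, peer address and a verdict for one exim_mainlog line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # With no parenthesised HELO, Exim is logging a verified name only.
    helo = m.group("helo") or m.group("rdns") or ""
    peer = m.group("peer")
    try:
        # HELO may be a bare IP or a bracketed address literal.
        helo_ip = str(ipaddress.ip_address(helo.strip("[]")))
    except ValueError:
        helo_ip = None  # HELO was a name, not an address
    if helo_ip in server_ips:
        verdict = "helo-claims-our-ip"   # client announced our address as its own
    elif helo_ip and helo_ip != peer:
        verdict = "helo-ip-mismatch"     # announced some other address
    else:
        verdict = "no-finding"
    return {"helo": helo, "peer": peer, "verdict": verdict}

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(classify(entry))
```

A `helo-claims-our-ip` verdict on a line whose bracketed peer is a remote address means the message arrived over SMTP from that peer; the server's own IP appears only because the client typed it into HELO.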
 

dalem

Perfectly normal. It is the IP address of the domain that is on your server that's receiving the mail or, in this case, rejecting.
 

hostultra

dsbl is not a good blacklist; they don't keep up to date.

Look at those reports of the IPs you listed.
The reports are from 2003. I doubt they're still sending out spam over a year later.