Exim Log: Tell me what this is...

Discussion in 'General Discussion' started by bmcpanel, Aug 11, 2004.

  1. bmcpanel

    bmcpanel Well-Known Member

    Hi, I am running cPanel (Current Release) on RH9 with Apache.

    I am using an exim mod that rejects incoming mail to the server based on RBL black list sites.

    I see the following in logs quite often and I am trying to decipher this type of entry. The question is, I am wondering why my server IP # is being listed as "H=". In the below example, my server main ip is listed in parentheses. I have x'd out the main server IP so I can display the log entry here.

    ----------- From /var/log/exim_mainlog ----------
    2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<utjjqbwzi@yahoo.com> rejected RCPT <slopok@parkwaydrivein.com>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
    -------------------------------------------------------

    So, this is telling me that IP #219.94.59.189 is blacklisted at dsbl.org. I get that. I get that IP 219.94.59.189 is the REAL sender or the origin IP of the incoming email. Right?

    Okay. Why then, is my server IP number listed as "H=(xx.xx.xx.xx)"? Is this email being sent THROUGH my web server from a person at IP # 219.94.59.189? If so, is it likely a formprocessor script, or could it be a mailman mailing list?

    I guess "H" stands for "HELO"?


    I noticed that my server IP is NOT listed as "H=" in every log entry. So, I am guessing that when my IP is listed as "H=", that it means my server is being used as a relay? Maybe through a form?

    -------- My Server IP is not listed as "H=" in every log entry. -----------
    2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<aeldrafox@yahoo.com> rejected RCPT <ritaay@teamcreations.com>: Message rejected because (zipolite.com) [210.205.144.78] is blacklisted at dnsbl.njabl.org see open proxy -
    2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<utjjqbwzi@yahoo.com> rejected RCPT <slopok@parkwaydrivein.com>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
    ------------------------------------------------------------------

    Any help from you will be much appreciated. I have searched these forums and others and have not been able to find this specific info.
     
  2. largolam

    largolam Active Member

     
  3. dalem

    dalem Well-Known Member

    Perfectly normal. It is the IP address of the domain that is on your server that's receiving the mail, or in this case rejecting.
     
  4. hostultra

    hostultra Well-Known Member

    DSBL is not a good blacklist; they don't keep up to date.

    Look at those reports of the IPs you listed.
    The reports are from 2003; I doubt they're still sending out spam over a year later.
     
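An added example, not part of any post in this thread: in Exim's main log, a name in parentheses after `H=` is the unverified HELO/EHLO argument the connecting client sent, and the bracketed address is the actual peer IP. The Python below parses rejection lines of the shape quoted above and flags entries where a remote peer announced the receiving server's own address as its HELO; the server address 192.0.2.10, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the exim_mainlog lines quoted in the thread.
SAMPLE_LOG = """
2004-08-11 09:31:34 H=(192.0.2.10) [198.51.100.23] F=<a@example.com> rejected RCPT <user@example.org>: Message rejected because (192.0.2.10) [198.51.100.23] is blacklisted at list.dsbl.org see listing
2004-08-11 09:41:29 H=(mail.example.net) [203.0.113.77] F=<b@example.com> rejected RCPT <other@example.org>: Message rejected because (mail.example.net) [203.0.113.77] is blacklisted at dnsbl.njabl.org see open proxy -
2004-08-11 09:45:02 H=relay.example.net [203.0.113.80] F=<c@example.com> rejected RCPT <third@example.org>: Message rejected because relay.example.net [203.0.113.80] is blacklisted at list.dsbl.org see listing
"""

# Assumption: the addresses and names this server itself answers to.
OWN_ADDRESSES = {"192.0.2.10", "server.example.org"}

# H=<verified name> (<HELO argument>) [<peer IP>]; either name part may be absent.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:(?P<rdns>[^\s(]+) )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<peer>[0-9A-Fa-f.:]+)\](?::\d+)? "      # optional :port after the IP
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: "
    r".*?is blacklisted at (?P<dnsbl>\S+)"
)

def parse_rejection(line):
    """Return the fields of one DNSBL rejection line, or None if it does not match."""
    m = REJECT_RE.match(line.strip())
    return m.groupdict() if m else None

def helo_claims_our_identity(entry, own):
    """True when a remote peer sent one of our own names or IPs as its HELO."""
    helo = (entry["helo"] or "").strip("[]").lower()   # HELO may be an IP literal
    return helo in own and entry["peer"].lower() not in own

def summarize(lines, own_addresses):
    """Return (flagged entries, rejection count per DNSBL) for the given log lines."""
    own = {a.lower() for a in own_addresses}
    flagged, per_list = [], Counter()
    for line in lines:
        entry = parse_rejection(line)
        if entry is None:
            continue                       # not a DNSBL rejection line
        per_list[entry["dnsbl"]] += 1
        if helo_claims_our_identity(entry, own):
            flagged.append((entry["peer"], entry["helo"], entry["rcpt"]))
    return flagged, per_list

if __name__ == "__main__":
    flagged, per_list = summarize(SAMPLE_LOG.splitlines(), OWN_ADDRESSES)
    print("HELO used our identity:", flagged)
    print("Rejections per DNSBL:", dict(per_list))
```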