How to ban sending/receiving emails from an email address?

[SuperBaby]

I see tons of the below in the exim log but do not really understand what it means. Are emails being sent TO or FROM [email protected]?? How do I ban it?

2007-06-24 21:44:45 1I2SKY-0001NL-9s => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:46:51 1I2SOQ-0001wA-S2 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:46:52 1I2SOT-0001wD-SB => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:46:54 1I2SOK-0001w5-CD => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:22 1I2SNt-0001uz-8T => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:24 1I2SNJ-0001uZ-KT => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:24 1I2SN1-0001uU-Va => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:26 1I2SO0-0001vD-TQ => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:27 1I2SMs-0001uN-FT => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:28 1I2SNq-0001un-1Y => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:30 1I2SNb-0001uj-Uq => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:31 1I2SNG-0001uY-GF => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:32 1I2SN8-0001uV-3n => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:34 1I2SO7-0001vH-6T => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:35 1I2SNK-0001ub-NY => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:37 1I2SMk-0001uM-6A => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:39 1I2SO8-0001vI-1R => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:39 1I2SO3-0001vE-90 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:41 1I2SNF-0001uX-B4 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:41 1I2SN9-0001uW-SE => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery

 

[nickp666]

they are all to [email protected] which is either a forwarder to the main account or the user has the default address (catch-all) set to their main account

You will have to grep the message id's from the exim log to see where they came from as you have only listed the second part of the delivery of those messages.

for example:

grep "1I2SN9-0001uW-SE" /var/log/exim_mainlog

Would show the transaction of the last message

 

[SuperBaby]

grep "1I2T4d-0006pX-A1" /var/log/exim_mainlog

2007-06-24 22:27:56 1I2T4d-0006pX-A1 <= <> H=(mc31.lon.server.colt.net) [212.74.77.71] P=esmtp S=29986 [email protected]
2007-06-24 22:30:09 1I2T4d-0006pX-A1 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 22:30:09 1I2T4d-0006pX-A1 Completed

What's next? How do I read the content of that email?

 

[nickp666]

you cant read the content of that e-mail unless it is still in the mailbox it was delivered to.

By the transaction you posted, its a bounce message. (notice the <> instead of a sender address)