How to ban sending/receiving emails from an email address?

SuperBaby

I see tons of the below in the exim log but do not really understand what it means. Are emails being sent TO or FROM [email protected]?? How do I ban it?

2007-06-24 21:44:45 1I2SKY-0001NL-9s => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:46:51 1I2SOQ-0001wA-S2 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:46:52 1I2SOT-0001wD-SB => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:46:54 1I2SOK-0001w5-CD => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:22 1I2SNt-0001uz-8T => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:24 1I2SNJ-0001uZ-KT => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:24 1I2SN1-0001uU-Va => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:26 1I2SO0-0001vD-TQ => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:27 1I2SMs-0001uN-FT => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:28 1I2SNq-0001un-1Y => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:30 1I2SNb-0001uj-Uq => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:31 1I2SNG-0001uY-GF => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:32 1I2SN8-0001uV-3n => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:34 1I2SO7-0001vH-6T => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:35 1I2SNK-0001ub-NY => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:37 1I2SMk-0001uM-6A => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:39 1I2SO8-0001vI-1R => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:39 1I2SO3-0001vE-90 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:41 1I2SNF-0001uX-B4 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 21:47:41 1I2SN9-0001uW-SE => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
 

nickp666

They are all to [email protected], which is either a forwarder to the main account, or the user has the default address (catch-all) set to their main account.

You will have to grep the message IDs from the exim log to see where they came from, as you have only listed the second part of the delivery of those messages.

For example:
Code:
grep "1I2SN9-0001uW-SE" /var/log/exim_mainlog
Would show the transaction of the last message.
 

SuperBaby

grep "1I2T4d-0006pX-A1" /var/log/exim_mainlog

2007-06-24 22:27:56 1I2T4d-0006pX-A1 <= <> H=(mc31.lon.server.colt.net) [212.74.77.71] P=esmtp S=29986 [email protected]
2007-06-24 22:30:09 1I2T4d-0006pX-A1 => office <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 22:30:09 1I2T4d-0006pX-A1 Completed

What's next? How do I read the content of that email?
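
Following nickp666's suggestion to trace each message ID back to its arrival (`<=`) line, the added example below (not code from the thread, exim or cPanel) does that lookup for every delivery in a log at once. The log lines are constructed in exim_mainlog format; all addresses, hosts, IPs and message IDs in them are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in exim_mainlog format (every address, host, IP and ID is made up).
SAMPLE_LOG = """\
2007-06-24 22:27:56 1AAAAA-000001-AA <= <> H=(mx.example.net) [192.0.2.10] P=esmtp S=29986 for office@example.com
2007-06-24 22:30:09 1AAAAA-000001-AA => office <office@example.com> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 22:30:09 1AAAAA-000001-AA Completed
2007-06-24 22:31:02 1BBBBB-000002-BB <= alice@example.org H=mail.example.org [198.51.100.7] P=esmtp S=2048 for office@example.com
2007-06-24 22:31:03 1BBBBB-000002-BB => office <office@example.com> R=virtual_sa_user T=virtual_sa_userdelivery
2007-06-24 22:31:40 1CCCCC-000003-CC => office <office@example.com> R=virtual_sa_user T=virtual_sa_userdelivery
"""

# timestamp, message ID, then a flag: "<=" is arrival, "=>" / "->" are deliveries.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<id>\w{6}-\w{6,11}-\w{2,4}) "
    r"(?P<flag><=|=>|->|\*\*|==)\s+(?P<rest>.*)$"
)
# Envelope sender first; H=/[ip] are absent for locally submitted mail.
ARRIVAL_RE = re.compile(r"^(?P<sender>\S+)(?:.*?\sH=(?P<host>.*?)\s\[(?P<ip>[^\]]+)\])?")

def correlate(log_text):
    """Group arrival and delivery lines by exim message ID."""
    msgs = defaultdict(lambda: {"sender": None, "host": None, "ip": None, "deliveries": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "Completed" and non-message lines carry nothing we need
        rec = msgs[m["id"]]
        if m["flag"] == "<=":
            a = ARRIVAL_RE.match(m["rest"])
            rec.update(sender=a["sender"], host=a["host"], ip=a["ip"])
        elif m["flag"] in ("=>", "->"):
            rec["deliveries"].append(m["rest"].split(" R=")[0])
    return dict(msgs)

def summarize(msgs):
    """One line per message ID: who sent it and from which IP."""
    out = {}
    for mid, rec in msgs.items():
        if rec["sender"] is None:
            out[mid] = "arrival line not in this log (check rotated logs)"
        elif rec["sender"] == "<>":
            out[mid] = f"null envelope sender (bounce/DSN-style) from {rec['ip']}"
        else:
            out[mid] = f"from {rec['sender']} via {rec['ip']}"
    return out

if __name__ == "__main__":
    for mid, text in summarize(correlate(SAMPLE_LOG)).items():
        print(mid, text)
```

A `<= <>` arrival line, like the one in the grep output above, means the message came in with an empty envelope sender, so there is no sender address to block; the connecting host and IP on that line are what identify the source.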