I have a lot of legitimate messages of this style inside /var/log/exim_rejectlog:
Code:
2020-03-20 13:09:30.176 [7350] dovecot_login authenticator failed for (CVEWxBTSO) [16.24.162.82]:57543 I=[78.12.12.12]:25: 535 Incorrect authentication data (set_id=someuserx)
2020-03-20 13:09:51.446 [7376] H=(2DKyD0) [16.24.162.82]:60383 I=[78.12.12.12]:25 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
Envelope-from: <[email protected]>
Envelope-to: <[email protected]>
P Received: by host.server.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.93)
(envelope-from <[email protected]>)
id 2jFXtf-000299-I3
for [email protected]; Fri, 20 Mar 2020 13:13:43 +0100
P Received: from localhost (smtp-relay-local.scip.local [127.0.0.1])
by smtp-relay.somedomain.com (Postfix) with SMTP id E0A2E40494
for <[email protected]>; Fri, 20 Mar 2020 13:13:01 +0100 (CET)
P Received: from mail-node.somedomain.com
by smtp-relay.somedomain.com (Postfix) with ESMTP id E3E89807A4
for <[email protected]>; Fri, 20 Mar 2020 13:13:00 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=senderdomain.com; s=dddk;
t=1584742380; bh=r94HqGMEUmxC1NGI44RjTbFv2A7LOAzoaxlZYwSX33M=;
h=Date:Subject:Message-ID:From:To:Content-Type;
b=nqLpdYmAA89G6pm17mWiEGZ76VYoHlL21aMBSeAAWzQ6BHXK+ooP1B4LN4gOo2RQG
ny5hTcdlq4UsCeopm17mWiEGZ76VYoHlL21eMkUJN7M4RmaWRHnwmjnCYPA+Sr+jpR
P0VzDfbXWQAib26pm17mWiEGZ76VYoHlL21x5+8Q=
P Received: from [192.168.1.59] (clientmachine.net [12.12.12.12])
(Authenticated sender: [email protected])
by mail-node.somedomain.com (Postfix) with ESMTPA id B245A40729
for <[email protected]>; Fri, 20 Mar 2020 13:13:00 +0100 (CET)
Date: Fri, 20 Mar 2020 13:12:58 +0100
Subject: Test
I Message-ID: <[email protected]>
X-Android-Message-ID: <[email protected]>
F From: [email protected]
T To: [email protected]
Importance: Normal
X-Priority: 3
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.11 (mail-node.somedomain.com [0.0.0.0]); Fri, 20 Mar 2020 13:13:00 +0100 (CET)
2020-03-20 13:14:25.491 [8238] H=smtp02.smtpout.orange.fr (smtp.smtpout.orange.fr) [80.12.242.122]:23310 I=[78.12.12.12]:25 X=TLS1:DHE-RSA-AES128-SHA:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender domain is banned
Searching for the message ID with exigrep, I'm receiving this error:
Code:
# exigrep '2jFXtf-000299-I3' /var/log/exim_rejectlog
+++ 2jFXtf-000299-I3 has not completed +++
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
Inside /var/log/exim_mainlog
Code:
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 DKIM: d=senderdomain.com s=dddk c=relaxed/simple a=rsa-sha256 b=1024 t=1584742380 [verification succeeded]
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
2020-03-20 13:13:43.666 [8193] SMTP connection from smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 closed by QUIT
2020-03-20 13:13:45.248 [3649] SMTP connection from [80.12.242.122]:23310 I=[78.12.12.12]:25 (TCP/IP connection count = 1)
2020-03-20 13:14:06.788 [8263] cwd=/etc/csf 2 args: /usr/sbin/exim -bpc
Only that; no news of the result.
Still worse, all these legitimate messages are not visible in the WHM email reports with any filter or search word, so I have a big accumulation.
The last change I made in the Exim configuration was disabling the 2 DKIM parameters inside WHM -> Exim editor, because I had some complaints from people who cannot receive these messages from legitimate senders without DKIM.
Please give me some guidance to help fix this problem, and some way to re-process all these messages so that they can be added to the normal queue again.
Thanks!!
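Added example, not from the original post: a small Python parser for the exim_mainlog format quoted above. It groups each message id's "DKIM:" verdict line with its "rejected" line so that the pattern in the question (verification succeeded, yet rejected at the DKIM ACL stage) can be listed across a whole log instead of one exigrep at a time. The log text embedded in it is constructed, modelled on the lines in the post; the second and third messages are invented to show the contrasting cases.

```python
import re

# Constructed sample modelled on the post's exim_mainlog lines. The second message
# (a genuine DKIM failure) and the third (a normal delivery) are invented for contrast.
SAMPLE_MAINLOG = """\
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 DKIM: d=senderdomain.com s=dddk c=relaxed/simple a=rsa-sha256 b=1024 t=1584742380 [verification succeeded]
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
2020-03-20 13:13:43.666 [8193] SMTP connection from smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 closed by QUIT
2020-03-20 13:20:01.000 [8400] 2jFY0b-000312-Qx DKIM: d=other.example s=k1 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1584742800 [verification failed - signature did not verify (headers probably modified in transit)]
2020-03-20 13:20:01.000 [8400] 2jFY0b-000312-Qx H=mx.other.example (helo.other.example) [203.0.113.5]:40000 I=[78.12.12.12]:25 rejected DKIM
2020-03-20 13:21:10.000 [8450] 2jFY1g-000320-Ab <= sender@example.org H=mail.example.org [198.51.100.9] P=esmtps S=1200
2020-03-20 13:21:10.000 [8450] 2jFY1g-000320-Ab Completed
"""

# Exim message ids are three base-62 groups: 6-6-2 characters.
LINE_RE = re.compile(r"^\S+ \S+ \[\d+\] (?P<id>[A-Za-z0-9]{6}-[A-Za-z0-9]{6}-[A-Za-z0-9]{2}) (?P<rest>.*)$")
DKIM_RE = re.compile(r"^DKIM: d=(?P<domain>\S+) .*\[(?P<verdict>[^\]]*)\]$")
# H= may be "host [ip]" or "host (helo) [ip]"; the word after "rejected" is the ACL stage.
REJECT_RE = re.compile(r"^H=(?P<host>\S+)(?: \([^)]*\))? \[(?P<ip>[^\]]+)\].* rejected (?P<stage>\S+)")


def parse_mainlog(text):
    """Return {msgid: record} with the DKIM verdict, rejection stage and host per message."""
    msgs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connection-level lines carry no message id
        rec = msgs.setdefault(m["id"], {"dkim_domain": None, "dkim_verdict": None,
                                         "rejected": None, "host": None, "ip": None,
                                         "completed": False})
        rest = m["rest"]
        if (d := DKIM_RE.match(rest)):
            rec["dkim_domain"], rec["dkim_verdict"] = d["domain"], d["verdict"]
        elif (r := REJECT_RE.match(rest)):
            rec.update(host=r["host"], ip=r["ip"], rejected=r["stage"])
        elif rest == "Completed":
            rec["completed"] = True  # absent for rejected mail, hence exigrep's "has not completed"
    return msgs


def dkim_rejects_despite_pass(msgs):
    """Ids that passed DKIM verification but were still rejected at the DKIM ACL stage.

    That combination means the DKIM ACL rules, not the sender's signature, caused the reject,
    so the ACL configuration is where to look first."""
    return sorted(i for i, r in msgs.items()
                  if r["rejected"] == "DKIM" and r["dkim_verdict"] == "verification succeeded")
```

Run it against a real /var/log/exim_mainlog by passing the file contents to parse_mainlog; the host and ip fields give you the relays to compare against the rejectlog entries.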