Strange entries in exim_mainlog?

Discussion in 'General Discussion' started by Harryhood, Jan 12, 2005.

  1. Harryhood

    Harryhood Well-Known Member

    Joined:
    Jun 3, 2003
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Gamehenge
    I have started seeing entries such as the one below in exim_mainlog recently. Servernames, email addrs. and IP addresses have been changed.

    2005-01-12 05:02:58 H=servername.domainname.com (localhost.localhost) [xxx.xxx.xxx.xxx]:51605 I=[127.0.0.100]:25 F=<xxxxxxx@yahoo.de> rejected RCPT <xxxx@***********>: servername.domainname.com (localhost.localhost) [xxx.xxx.xxx.xxx]:51605 is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.



    Can someone explain what this could mean? Of course, I am afraid it is a spammer on the server, and if so I need to figure out how it is being sent.
     
  2. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    The message itself could be a client trying to check their mail without the option in their email client selected: "Server requires authentication". If it was a spammer (could have been), it was stopped.
     
  3. Harryhood

    Thanks Haze. A couple of questions..

    The

    portion of the log entry is the actual servername and IP address of the server, so it would seem the email originated (or tried to originate) on the server. Is that true?

    One thing in particular that I am not clear on is whether the error message:

    Was generated by the local server or was a response from the mail server where the message was sent to (or attempted to be sent to).

    Are you able to confirm one or either of those?

    Thanks
     
  4. haze

    That does sound like it might be originating from your server, then again it could be spoofed. I see a heck of a lot of spammers connecting to our servers using our hostname and/or our IP to try and fool the mail server, this may be the case.

    The error message essentially says.. "Hey, you're trying to relay on this server, and relaying (unless you're authenticated), is NOT allowed! BUGGER OFF!!" and the error message is coming from your server.
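
The question the thread turns on, whether the connection came from the server itself or from a remote peer showing the server's name or IP, can be checked from the log. The following is an added example, not code from any poster or from cPanel/Exim: a Python sketch that parses rejected-RCPT lines laid out like the one quoted above and compares the bracketed peer address with the names shown in `H=` and the HELO. All host names, addresses and sample lines are constructed, and `classify`/`summarize` are hypothetical helper names.

```python
import re
from ipaddress import ip_address

# Layout as in the thread's log line (assumed fixed for this sketch):
# <ts> H=<name> (<HELO>) [<peer>]:<port> I=[<local>]:<port> F=<from> rejected RCPT <to>: ...
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"H=(?:(?P<host>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<peer>[^\]]+)\](?::\d+)? (?:I=\[[^\]]+\](?::\d+)? )?"
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>"
)

def classify(line, own_ips, own_names):
    """Parse one rejected-RCPT line; return fields plus a verdict, else None."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    peer = ip_address(rec["peer"])
    ours = {n.lower() for n in own_names} | {str(ip_address(i)) for i in own_ips}
    # Names shown for the client; a HELO can also be an IP literal like [192.0.2.10].
    claimed = {n.lower().strip("[]") for n in (rec["host"], rec["helo"]) if n}
    if peer.is_loopback or str(peer) in ours:
        rec["verdict"] = "local-origin"  # connection came from this machine
    elif claimed & ours:
        rec["verdict"] = "remote-claims-our-identity"  # our name/IP in H= or HELO
    else:
        rec["verdict"] = "remote"
    return rec

def summarize(lines, own_ips, own_names):
    """Count verdicts across a batch of log lines."""
    counts = {}
    for line in lines:
        rec = classify(line, own_ips, own_names)
        if rec:
            counts[rec["verdict"]] = counts.get(rec["verdict"], 0) + 1
    return counts

# Constructed sample lines: documentation addresses, hypothetical names.
TAIL = " I=[192.0.2.10]:25 F=<a@example.org> rejected RCPT <b@example.net>: relay not permitted"
SAMPLE = [
    "2005-01-12 05:02:58 H=mail.example.com (localhost.localhost) [192.0.2.10]:51605" + TAIL,
    "2005-01-12 05:03:10 H=(mail.example.com) [198.51.100.23]:4021" + TAIL,
    "2005-01-12 05:03:44 H=([192.0.2.10]) [203.0.113.77]:3312" + TAIL,
    "2005-01-12 05:04:02 H=client.example.net [203.0.113.80]:4000" + TAIL,
    "2005-01-12 05:10:00 1CoXyZ-0001Ab-2C <= user@example.com H=localhost [127.0.0.1] P=esmtp",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, {"192.0.2.10"}, {"mail.example.com"}))
```

A `local-origin` verdict means the peer address belongs to the machine itself, so the sender is something running on the server; `remote-claims-our-identity` matches the case where an outside host presents the server's own hostname or IP.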
     