Legitimate messages going into exim_rejectlogs
I have a lot of legitimate messages of this style inside /var/log/exim_rejectlogs:
2020-03-20 13:09:30.176 [7350] dovecot_login authenticator failed for (CVEWxBTSO) [16.24.162.82]:57543 I=[78.12.12.12]:25: 535 Incorrect authentication data (set_id=someuserx)
2020-03-20 13:09:51.446 [7376] H=(2DKyD0) [16.24.162.82]:60383 I=[78.12.12.12]:25 rejected MAIL : Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
Envelope-from:
Envelope-to:
P Received: by host.server.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.93)
(envelope-from )
id 2jFXtf-000299-I3
for thereceiver@receiverdomain.com; Fri, 20 Mar 2020 13:13:43 +0100
P Received: from localhost (smtp-relay-local.scip.local [127.0.0.1])
by smtp-relay.somedomain.com (Postfix) with SMTP id E0A2E40494
for ; Fri, 20 Mar 2020 13:13:01 +0100 (CET)
P Received: from mail-node.somedomain.com
by smtp-relay.somedomain.com (Postfix) with ESMTP id E3E89807A4
for ; Fri, 20 Mar 2020 13:13:00 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=senderdomain.com; s=dddk;
t=1584742380; bh=r94HqGMEUmxC1NGI44RjTbFv2A7LOAzoaxlZYwSX33M=;
h=Date:Subject:Message-ID:From:To:Content-Type;
b=nqLpdYmAA89G6pm17mWiEGZ76VYoHlL21aMBSeAAWzQ6BHXK+ooP1B4LN4gOo2RQG
ny5hTcdlq4UsCeopm17mWiEGZ76VYoHlL21eMkUJN7M4RmaWRHnwmjnCYPA+Sr+jpR
P0VzDfbXWQAib26pm17mWiEGZ76VYoHlL21x5+8Q=
P Received: from [192.168.1.59] (clientmachine.net [12.12.12.12])
(Authenticated sender: thesender@senderdomain.com)
by mail-node.somedomain.com (Postfix) with ESMTPA id B245A40729
for ; Fri, 20 Mar 2020 13:13:00 +0100 (CET)
Date: Fri, 20 Mar 2020 13:12:58 +0100
Subject: Test
I Message-ID:
X-Android-Message-ID:
F From: thesender@senderdomain.com
T To: thereceiver@receiverdomain.com
Importance: Normal
X-Priority: 3
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.11 (mail-node.somedomain.com [0.0.0.0]); Fri, 20 Mar 2020 13:13:00 +0100 (CET)
2020-03-20 13:14:25.491 [8238] H=smtp02.smtpout.orange.fr (smtp.smtpout.orange.fr) [80.12.242.122]:23310 I=[78.12.12.12]:25 X=TLS1:DHE-RSA-AES128-SHA:128 CV=no F= rejected RCPT : Sender domain is banned
Searching for the message ID with exigrep, I receive this error:
# exigrep '2jFXtf-000299-I3' /var/log/exim_rejectlog
+++ 2jFXtf-000299-I3 has not completed +++
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
Inside /var/log/exim_mainlog:
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 DKIM: d=senderdomain.com s=dddk c=relaxed/simple a=rsa-sha256 b=1024 t=1584742380 [verification succeeded]
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
2020-03-20 13:13:43.666 [8193] SMTP connection from smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 closed by QUIT
2020-03-20 13:13:45.248 [3649] SMTP connection from [80.12.242.122]:23310 I=[78.12.12.12]:25 (TCP/IP connection count = 1)
2020-03-20 13:14:06.788 [8263] cwd=/etc/csf 2 args: /usr/sbin/exim -bpc
Only that. No news of the result. Worse still, none of these legitimate messages are visible in the WHM email reports with any filter or search word, so I have a big accumulation.

The last change I made to the Exim configuration was disabling the 2 DKIM parameters inside WHM -> Exim editor, because I had some complaints from people who cannot receive these messages from legitimate senders without DKIM.

Please give me some guidance to help fix this problem, and some way to re-process all these messages so that they can be added to the normal queue again. Thanks!!
-
Solved. Problem was the custom filters.
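In the mainlog excerpt above, the same message ID has a DKIM line ending in [verification succeeded] and then a "rejected DKIM" line, so the rejection was a policy decision rather than a failed signature. As an added example that is not part of the original thread, this Python sketch lists such message IDs from Exim main log lines; the function name dkim_reject_mismatches and the last two sample lines are constructed here, and the line format is assumed to match the post's (timestamp, optional [pid], 6-6-2 message ID).

```python
import re
from collections import defaultdict

# Timestamp, optional [pid], then a 6-6-2 message ID, as in the post's Exim 4.93 logs.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)? (?:\[\d+\] )?"
    r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (?P<rest>.*)$"
)
DKIM_RE = re.compile(r"^DKIM: d=(?P<domain>\S+) .*\[(?P<result>[^\]]+)\]\s*$")
HOST_RE = re.compile(r"\bH=(?P<host>\S+)")

def dkim_reject_mismatches(lines):
    """Message IDs rejected at the DKIM stage although every signature verified."""
    msgs = defaultdict(lambda: {"results": [], "rejected": False, "host": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection-level lines carry no message ID
        rec, rest = msgs[m["id"]], m["rest"]
        d = DKIM_RE.match(rest)
        if d:
            rec["results"].append((d["domain"], d["result"]))
        elif " rejected DKIM" in rest:
            rec["rejected"] = True
            h = HOST_RE.search(rest)
            rec["host"] = h["host"] if h else None
    hits = []
    for msg_id, rec in msgs.items():
        verified = [r == "verification succeeded" for _, r in rec["results"]]
        # Flag only when at least one signature was logged and all of them verified.
        if rec["rejected"] and verified and all(verified):
            hits.append({"id": msg_id, "host": rec["host"],
                         "domains": sorted({d for d, _ in rec["results"]})})
    return hits

# The first three lines are from the post's exim_mainlog; the last two are constructed.
SAMPLE = """\
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 DKIM: d=senderdomain.com s=dddk c=relaxed/simple a=rsa-sha256 b=1024 t=1584742380 [verification succeeded]
2020-03-20 13:13:43.666 [8193] 2jFXtf-000299-I3 H=smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM
2020-03-20 13:13:43.666 [8193] SMTP connection from smtp-relay-03.somedomain.net [23.213.213.43]:60479 I=[78.12.12.12]:25 closed by QUIT
2020-03-20 13:20:01.100 [9001] 2jFXzz-0002Ab-C1 DKIM: d=example.org s=sel1 c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - signature did not verify (headers probably modified in transit)]
2020-03-20 13:20:01.101 [9001] 2jFXzz-0002Ab-C1 H=mx.example.org [192.0.2.10]:40000 I=[78.12.12.12]:25 rejected DKIM
""".splitlines()

if __name__ == "__main__":
    for hit in dkim_reject_mismatches(SAMPLE):
        print(hit)
```

Run over the real main log, the returned IDs and sending hosts are the messages to check against any custom ACL or filter rules that act at the DKIM stage.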