strange exim failed messages
I am trying to understand the following message I saw in the exim logs.
The top of the message says:
[QUOTE]This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
mgiraux@hotmail.com
Domain {my_domain_name_here} has exceeded the max emails per hour (313/250 (125%)) allowed. Message discarded.[/QUOTE]
Because I do not expect many emails leaving the server, I have set a limit. Then it continues:
[QUOTE]------ This is a copy of the message, including all the headers. ------
Return-path:
Received: from nat-4.kem.sibset.net ([178.248.80.4]:55952 helo={my_domain_name_here} by malamo.{my_domain_name_here} with esmtpa (Exim 4.82) (envelope-from ) id 1XJvwp-0007zq-5b for mgiraux@hotmail.com; Tue, 19 Aug 2014 22:48:27 -0400
Message-ID: <77F8445BD05F8D83EE4666A79DEE3063@{my_domain_name_here}>
From: "chvparis"
To: "Myriam GIRAUX"
Subject: =?ISO-8859-1?Q?chvparis=40yahoo.com?=
Date: Tue, 20 Aug 2014 03:48:26 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_F65F_032E8BBB.0E11DFAF"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
X-MIMEOLE: Produced By Microsoft MimeOLE V16.4.3522.110
This is a multi-part message in MIME format.[/QUOTE]
I am the only one who has access to this server but I do host a few "simple" websites. Does this mean that the email came to my server from nat-4.kem.sibset.net?
[QUOTE]Received: from nat-4.kem.sibset.net ([178.248.80.4]:55952 helo={my_domain_name_here} by malamo.{my_domain_name_here} with esmtpa (Exim 4.82)[/QUOTE]
Also, this is who sent it and where it should have gone:
[QUOTE]From: "chvparis"
To: "Myriam GIRAUX"[/QUOTE]
But how did I get this message in my log? Do I have a problem here?
-
Hello :) I suggest reviewing /var/log/exim_mainlog to see what type of email activity is occurring on your system. Look to see if any of the emails are coming from sources other than yourself. The following document may also help you: How to prevent email abuse Thank you. 0 -
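One way to carry out the log review suggested in the reply above, as an added example that is not part of the original thread: it counts authenticated (`esmtpa`/`esmtpsa`) arrivals in Exim main-log text per account and hour, and lists the source IPs each account submitted from. The sample lines are constructed; only the host, IP and first message id come from the quoted bounce, while the authenticator name, accounts, addresses and the limit of 2 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main-log format. Host, IP and the first message id
# come from the bounce quoted in the post; the authenticator name, accounts,
# example.* addresses and remaining ids are assumptions for illustration.
SAMPLE_LOG = """\
2014-08-19 22:48:27 1XJvwp-0007zq-5b <= info@example.com H=nat-4.kem.sibset.net (example.com) [178.248.80.4]:55952 P=esmtpa A=dovecot_login:info@example.com S=2841 for a@example.net
2014-08-19 22:48:29 1XJvwp-0007zq-5b => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.7]
2014-08-19 22:48:31 1XJvwt-0007zx-9c <= info@example.com H=nat-4.kem.sibset.net (example.com) [178.248.80.4]:55960 P=esmtpa A=dovecot_login:info@example.com S=2790 for b@example.net
2014-08-19 22:49:02 1XJvxO-00080C-Lm <= info@example.com H=nat-4.kem.sibset.net (example.com) [178.248.80.4]:56011 P=esmtpa A=dovecot_login:info@example.com S=2803 for c@example.net
2014-08-19 22:51:40 1XJw0C-00082k-Qz <= owner@example.com H=(laptop) [203.0.113.10]:49152 P=esmtpsa A=dovecot_plain:owner@example.com S=1510 for d@example.net
2014-08-19 22:52:05 1XJw0b-00083A-2f <= webuser@host.example.com U=webuser P=local S=812 for e@example.net
"""

ARRIVAL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d):\d\d:\d\d \S+ <= \S+ (.*)$")
SUBMITTED = re.compile(r"\bP=esmtps?a\b")      # authenticated SMTP, as in "with esmtpa"
AUTH = re.compile(r"\bA=[^:\s]+:(\S+)")        # A=<authenticator>:<account>
SOURCE_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def authenticated_arrivals(log_text):
    """Return {(hour, account): {"count": n, "ips": set}} for authenticated arrivals."""
    stats = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in log_text.splitlines():
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue  # delivery (=>), completion and rejection lines
        hour, fields = arrival.groups()
        auth = AUTH.search(fields)
        if not auth or not SUBMITTED.search(fields):
            continue  # local (P=local) or unauthenticated inbound mail
        entry = stats[(hour, auth.group(1))]
        entry["count"] += 1
        ip = SOURCE_IP.search(fields)
        if ip:
            entry["ips"].add(ip.group(1))
    return dict(stats)

def over_limit(log_text, per_hour_limit):
    """List (hour, account, messages, source IPs) where messages exceed the limit."""
    return sorted((hour, account, s["count"], sorted(s["ips"]))
                  for (hour, account), s in authenticated_arrivals(log_text).items()
                  if s["count"] > per_hour_limit)

if __name__ == "__main__":
    for row in over_limit(SAMPLE_LOG, per_hour_limit=2):  # limit of 2 suits the small sample
        print(row)
```

An account that shows up with source IPs you do not recognise is the one whose password should be changed first; the count here is of accepted messages, not recipients.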
OY!! First of all, let me apologize to the hundreds of thousands of people who received spam from my server. SORRY! Apparently because of the Heartbleed bug the server was compromised and "they" were sending spam by the droves. The server software has been updated and the issue is resolved. I hope this message helps others. Evan 0 -
Please keep in mind that if your server has been exploited and root access has been obtained, then nothing short of reinstalling the OS/cPanel and restoring the accounts from backup archives is going to be a suitable method of cleaning the server. Thank you. 0