yves
/
home-server
1
0
Fork 0
Code Issues 8 Pull Requests Releases Wiki Activity

exim: too many emails! #6

New Issue
Closed
opened 2018-09-11 08:42:16 +02:00 by yves · 2 comments
yves commented 2018-09-11 08:42:16 +02:00
Owner

With >25000 frozen emails, and almost 350 emails sent to my ISP smarthost in the last 24h, something is very wrong!

In the logs, I get lots of this:

sept. 11 08:28:04 dmz exim[5837]: 2018-09-11 08:28:04 1fzc9b-0001W9-6k <= 1075638498@qq.com H=(mx1.contron.com.cn) [114.239.42.116] P=smtp S=8220 id=4b17c2205e75885b4c52b3e42ab30d1b@qq.com
sept. 11 08:28:05 dmz exim[5838]: 2018-09-11 08:28:05 1fzc9b-0001W9-6k ** accomp.an.y.v.ellpv@www.yalis.fr R=lmtp_user T=lmtp_transport: LMTP error after RCPT TO:<accomp.an.y.v.ellpv@www.yalis.fr>: 550 5.1.1 <accomp.an.y.v.ellpv@www.yalis.fr> User doesn't exist: accomp.an.y.v.ellpv@www.yalis.fr
sept. 11 08:28:05 dmz exim[5841]: 2018-09-11 08:28:05 1fzc9d-0001WD-1k <= <> R=1fzc9b-0001W9-6k U=exim P=local S=9570
sept. 11 08:28:05 dmz exim[5838]: 2018-09-11 08:28:05 1fzc9b-0001W9-6k Completed
sept. 11 08:28:05 dmz exim[5843]: 2018-09-11 08:28:05 1fzc9d-0001WD-1k => 1075638498@qq.com R=smarthost T=remote_smtp H=smtp.bbox.fr [194.158.122.55] C="250 2.0.0 Ok: queued as 2944244"
sept. 11 08:28:05 dmz exim[5843]: 2018-09-11 08:28:05 1fzc9d-0001WD-1k Completed

sept. 11 08:34:58 dmz exim[5866]: 2018-09-11 08:34:58 1fzcGG-0001Wc-O0 <= 1195681431@qq.com H=(zhzhongtai.com) [113.128.27.136] P=smtp S=7762 id=306fb67ea58d3335d86eec5009661326@qq.com
sept. 11 08:34:58 dmz exim[5869]: 2018-09-11 08:34:58 1fzcGG-0001Wc-O0 ** accomp.an.y.v.ellpv@www.yalis.fr R=lmtp_user T=lmtp_transport: LMTP error after RCPT TO:<accomp.an.y.v.ellpv@www.yalis.fr>: 550 5.1.1 <accomp.an.y.v.ellpv@www.yalis.fr> User doesn't exist: accomp.an.y.v.ellpv@www.yalis.fr
sept. 11 08:34:58 dmz exim[5872]: 2018-09-11 08:34:58 1fzcGI-0001Wi-Gj <= <> R=1fzcGG-0001Wc-O0 U=exim P=local S=9112
sept. 11 08:34:58 dmz exim[5869]: 2018-09-11 08:34:58 1fzcGG-0001Wc-O0 Completed
sept. 11 08:34:58 dmz exim[5874]: 2018-09-11 08:34:58 1fzcGI-0001Wi-Gj => 1195681431@qq.com R=smarthost T=remote_smtp H=smtp.bbox.fr [194.158.122.55] C="250 2.0.0 Ok: queued as 970824C"
sept. 11 08:34:58 dmz exim[5874]: 2018-09-11 08:34:58 1fzcGI-0001Wi-Gj Completed

Am I being used a part of a DDOS attack, or simply “too polite” (I notify of an error when I should not)?

With >25000 frozen emails, and almost 350 emails _sent_ to my ISP smarthost in the last 24h, something is very wrong! In the logs, I get lots of this: ```syslog sept. 11 08:28:04 dmz exim[5837]: 2018-09-11 08:28:04 1fzc9b-0001W9-6k <= 1075638498@qq.com H=(mx1.contron.com.cn) [114.239.42.116] P=smtp S=8220 id=4b17c2205e75885b4c52b3e42ab30d1b@qq.com sept. 11 08:28:05 dmz exim[5838]: 2018-09-11 08:28:05 1fzc9b-0001W9-6k ** accomp.an.y.v.ellpv@www.yalis.fr R=lmtp_user T=lmtp_transport: LMTP error after RCPT TO:<accomp.an.y.v.ellpv@www.yalis.fr>: 550 5.1.1 <accomp.an.y.v.ellpv@www.yalis.fr> User doesn't exist: accomp.an.y.v.ellpv@www.yalis.fr sept. 11 08:28:05 dmz exim[5841]: 2018-09-11 08:28:05 1fzc9d-0001WD-1k <= <> R=1fzc9b-0001W9-6k U=exim P=local S=9570 sept. 11 08:28:05 dmz exim[5838]: 2018-09-11 08:28:05 1fzc9b-0001W9-6k Completed sept. 11 08:28:05 dmz exim[5843]: 2018-09-11 08:28:05 1fzc9d-0001WD-1k => 1075638498@qq.com R=smarthost T=remote_smtp H=smtp.bbox.fr [194.158.122.55] C="250 2.0.0 Ok: queued as 2944244" sept. 11 08:28:05 dmz exim[5843]: 2018-09-11 08:28:05 1fzc9d-0001WD-1k Completed sept. 11 08:34:58 dmz exim[5866]: 2018-09-11 08:34:58 1fzcGG-0001Wc-O0 <= 1195681431@qq.com H=(zhzhongtai.com) [113.128.27.136] P=smtp S=7762 id=306fb67ea58d3335d86eec5009661326@qq.com sept. 11 08:34:58 dmz exim[5869]: 2018-09-11 08:34:58 1fzcGG-0001Wc-O0 ** accomp.an.y.v.ellpv@www.yalis.fr R=lmtp_user T=lmtp_transport: LMTP error after RCPT TO:<accomp.an.y.v.ellpv@www.yalis.fr>: 550 5.1.1 <accomp.an.y.v.ellpv@www.yalis.fr> User doesn't exist: accomp.an.y.v.ellpv@www.yalis.fr sept. 11 08:34:58 dmz exim[5872]: 2018-09-11 08:34:58 1fzcGI-0001Wi-Gj <= <> R=1fzcGG-0001Wc-O0 U=exim P=local S=9112 sept. 11 08:34:58 dmz exim[5869]: 2018-09-11 08:34:58 1fzcGG-0001Wc-O0 Completed sept. 11 08:34:58 dmz exim[5874]: 2018-09-11 08:34:58 1fzcGI-0001Wi-Gj => 1195681431@qq.com R=smarthost T=remote_smtp H=smtp.bbox.fr [194.158.122.55] C="250 2.0.0 Ok: queued as 970824C" sept. 11 08:34:58 dmz exim[5874]: 2018-09-11 08:34:58 1fzcGI-0001Wi-Gj Completed ``` Am I being used a part of a DDOS attack, or simply “too polite” (I notify of an error when I should not)?
yves commented 2018-09-11 18:12:01 +02:00
Poster
Owner

For reference, the complete exim.conf file.

For reference, the complete `exim.conf` file.
exim.conf
41 KiB
yves commented 2018-09-11 21:09:49 +02:00
Poster
Owner

Thanks to notkoos on IRC (Freenode#exim), here is the answer, from Archlinux wiki: “As of Exim 4.88 there is a limitation with the lmtp driver: in an ACL verify = recipient/callout=no_cache won't work as expected, i.e. non-existent user accounts won't throw a failure”

Thanks to _notkoos_ on IRC (Freenode#exim), here is the answer, from [Archlinux wiki](https://wiki.archlinux.org/index.php/Exim#Dovecot_LMTP_delivery_.26_SASL_authentication): “As of Exim 4.88 there is a limitation with the lmtp driver: in an ACL `verify = recipient/callout=no_cache` won't work as expected, i.e. non-existent user accounts won't throw a failure”
yves closed this issue 2018-09-13 19:19:56 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
podman
master
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: yves/home-server#6
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?