[Sussex] Problems with Exim4....

Richie Jarvis richie at helkit.com
Fri Nov 13 10:27:53 UTC 2009


Hi All,

Got a bit of a problem with my mail servers.  The scenario I use is as
follows:

helkit.com is a colo hosted in the US, and runs Exim4.  It runs
greylistd, and forwards all email to heliosuk.net, an ubuntu server
running Exim4 on my local LAN.  heliosuk.net also accepts mail directly,
and therefore also runs greylistd, but helkit.com is in the whitelist.
Both heliosuk.net and helkit.com are set up to accept email from a number
of domains, not just their own domain - hence judoatlewes.co.uk,
helkit.com, deepsky.org.uk can all be transferred to my local mailserver
on heliosuk.net.

The problem I am seeing is hundreds of the following messages from
logwatch every day - the logwatch file is 2MB in size, and has even on
occasion filled up the root partition during generation!!:

 --- Bad Hosts ---
  Sudden disconnect while expecting remote input:
     2009-11-12 00:00:01 : IP:209.59.207.123
     2009-11-12 00:00:02 : IP:209.59.207.123
     2009-11-12 00:00:08 : IP:209.59.207.123

Exim4 mainlog on helkit.com shows many of the following:

2009-11-13 10:12:07 H=(heliosuk.net) [82.152.138.105]
F=<particularizes at college-gerard-philipe.com> rejected RCPT
<akpn at judoatlewes.co.uk>
2009-11-13 10:12:07 unexpected disconnection while reading SMTP command
from (heliosuk.net) [82.152.138.105]

Exim4 mainlog on heliosuk.net shows many of these:

2009-11-13 10:12:07 unexpected disconnection while reading SMTP command
from helkit.com [209.59.207.123]

Now, the problem seems to be that something somewhere is just
disconnecting the call - but I am not sure which end is doing the
disconnection!!

Obviously, the example above is spam, because of the random email
address, however, greylistd is set to accept email from 209.59.207.123,
as it's in the /etc/greylistd/whitelist-hosts file.

The spam, by the way, is rejected later on automatically by exim4, as
that user does not exist for it to be delivered.

I also see this sort of thing a lot in the heliosuk.net mainlog:

2009-11-13 10:23:47 Connection from [209.59.207.123] refused: too many
connections from that IP address

So - what's going on?  All I want to happen is for helkit.com to receive
all email, and route it back home to heliosuk.net...  Is that so hard
really??

Incidentally, legitimate mail does get through - eventually!!

Thanks in advance for any thoughts/help...

Cheers,

Richie

-- 
helkit.com - LinuxAstro.org - deepsky.org.uk
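
Added example, not part of the original post: a small triage script that counts the three mainlog events quoted above per peer address and pairs each rejected RCPT with a disconnect from the same peer in the same second. The sample log is constructed from the excerpts in the post (placeholder mail addresses, one event per line as Exim writes them), and the function and variable names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the excerpts in the post: one event per line,
# as Exim writes its mainlog. The mail addresses are placeholders.
SAMPLE = """\
2009-11-13 10:12:07 H=(heliosuk.net) [82.152.138.105] F=<sender@example.org> rejected RCPT <nobody@judoatlewes.co.uk>
2009-11-13 10:12:07 unexpected disconnection while reading SMTP command from (heliosuk.net) [82.152.138.105]
2009-11-13 10:12:09 unexpected disconnection while reading SMTP command from helkit.com [209.59.207.123]
2009-11-13 10:23:47 Connection from [209.59.207.123] refused: too many connections from that IP address
2009-11-13 10:23:48 Connection from [209.59.207.123] refused: too many connections from that IP address
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+)$")
PEER = re.compile(r"\[([0-9A-Fa-f:.]+)\]")  # bracketed peer address, IPv4 or IPv6
MARKERS = {
    "rcpt_rejected": "rejected RCPT",
    "disconnect": "unexpected disconnection while reading SMTP command",
    "conn_limit": "refused: too many connections",
}

def summarise(log):
    """Return (counts, paired): per-peer event counts, and per-peer counts of a
    rejected RCPT followed by a disconnect from that peer in the same second."""
    counts, paired, last_reject = defaultdict(Counter), Counter(), {}
    for raw in log.splitlines():
        line, peer = LINE.match(raw), PEER.search(raw)
        if not (line and peer):
            continue  # continuation line or an entry without a peer address
        stamp, text = line.groups()
        event = next((k for k, v in MARKERS.items() if v in text), None)
        if event is None:
            continue  # some other kind of mainlog entry
        ip = peer.group(1)
        counts[ip][event] += 1
        if event == "rcpt_rejected":
            last_reject[ip] = stamp
        elif event == "disconnect" and last_reject.pop(ip, None) == stamp:
            paired[ip] += 1
    return counts, paired

if __name__ == "__main__":
    counts, paired = summarise(SAMPLE)
    for ip, c in sorted(counts.items()):
        print(ip, dict(c), "reject+disconnect pairs:", paired[ip])
```

Running it over the mainlog of each server separately shows, per peer, how many disconnects directly follow a rejection and how many connections were refused at the per-IP limit.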


