Help with exim_mainlog

Posted on 2010-09-13
Last Modified: 2013-11-30
Someone is sending a ton of spam out from my server but I can't figure out who the sender is. I attached a few lines from my log. The sender appears to be 1Ounp6-0008So-0z, is that some sort of ID created by exim?

Thank you

2010-09-13 09:15:01 1Ounp6-0008So-0z => R=send_to_smart_host T=remote_smtp H=k2smtpout-                                     []*

2010-09-13 09:15:01 1Ounp6-0008So-0z -> R=send_to_smart_host T=remote_smtp H=k2smtpout-                                     []*

2010-09-13 09:15:01 1Ounp6-0008So-0z -> R=send_to_smart_host T=remote_smtp H=k2smtpout                                     []*

Open in new window

Question by:itsofmi
  • 3
  • 2
LVL 45

Expert Comment

ID: 33662366
Hi itsofmi,

You probably have SMTP relay enabled.  Some spammer is just routing his mail through you to mask his true identity.

LVL 26

Expert Comment

ID: 33663172
1Ounp6-0008So-0z is the message id...

Author Comment

ID: 33663267
is there any way to see the sender in the mainlog?
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

LVL 26

Expert Comment

ID: 33663708
Not sure (I'm a Sendmail guy), but this command should show you queued messages with the sender and recipient addresses:

# exim -bp

So if you still have spam queued up, you can see the sender address
LVL 45

Accepted Solution

Kdo earned 250 total points
ID: 33664406
You should be able to look at the network packets and examine in incoming IP addresses.  If you're acting as an SMTP relay there should be a lot of connections from a single address.
LVL 26

Assisted Solution

jar3817 earned 250 total points
ID: 33664427

# netstat -an |grep :25

That'll show you active connections on port 25.

Featured Post

Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now