Hi, I have been subject to spam attacks and had to turn the SMTP proxy off. Using v4.22. I also put an explicit reject on the SMTP and POP ports on the external and internal interfaces. No DMZ. ASL is still logging that my system appears to be sending spam after I have done this. Could I have a trojan or something in ASL?
The following is an example of a log file entry - SMTP and POP have been explicitly rejected.
"2004-Aug 22 00:00:52 (none) exim[6843]: 2004-08-22 00:00:51 1BwHyL-0004mD-4D == jhfield@hanmir.com R=dnslookup T=remote_smtp defer (0): SMTP error from remote mailer after MAIL FROM:: host rmail3.hanmir.com [211.41.82.121]: 421 4.3.1 ILLEGAL FROM Sorry. Your IP has problems. This Connection will be closed. Please mail to mailsysop@hanmir.com (by using another e-mail server). Thank you."
Also another common entry is "2004-Aug 22 00:00:58 (none) exim[6911]: 2004-08-22 00:00:58 1BxXBi-0003md-Vp == fdfdfdfd454544@korea.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host"
My understanding is that all SMTP should be rejected and should not be logged if it is blocked on the interface. Any help/comments would be appreciated.
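An added example, not part of the original post: a short Python parser for the two Exim log entries quoted above. In Exim's main log `==` marks a deferred delivery, and the first six characters of a message ID encode the time the message was received, so the script reports when each deferred message entered the queue. It assumes Exim's default base-62 ID format and treats the log timestamps as UTC; the function and variable names are illustrative.

```python
import re
from datetime import datetime, timezone

# Base-62 alphabet of classic Exim message IDs (assumed default, 6-6-2 format).
B62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
FLAGS = {"<=": "received", "=>": "delivered", "->": "delivered (extra address)",
         "==": "deferred", "**": "failed"}
LINE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                  r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
                  r"(<=|=>|->|==|\*\*) (\S+)(.*)")

# The two entries quoted in the post; the first is trimmed after "ILLEGAL FROM".
SAMPLE = [
    "2004-Aug 22 00:00:52 (none) exim[6843]: 2004-08-22 00:00:51 "
    "1BwHyL-0004mD-4D == jhfield@hanmir.com R=dnslookup T=remote_smtp defer (0): "
    "SMTP error from remote mailer after MAIL FROM:: host rmail3.hanmir.com "
    "[211.41.82.121]: 421 4.3.1 ILLEGAL FROM",
    "2004-Aug 22 00:00:58 (none) exim[6911]: 2004-08-22 00:00:58 "
    "1BxXBi-0003md-Vp == fdfdfdfd454544@korea.com R=dnslookup T=remote_smtp "
    "defer (-53): retry time not reached for any host",
]

def parse(line):
    """Return a dict describing one Exim main-log delivery line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    logged = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    secs = 0
    for ch in m[2][:6]:            # first field of the ID = reception time, base 62
        secs = secs * 62 + B62.index(ch)
    received = datetime.fromtimestamp(secs, timezone.utc)
    d = re.search(r"defer \((-?\d+)\): (.*)", m[5])
    return {"id": m[2], "status": FLAGS[m[3]], "rcpt": m[4],
            "logged": logged, "received": received, "age": logged - received,
            "errno": int(d[1]) if d else None, "reason": d[2] if d else None}

if __name__ == "__main__":
    for entry in map(parse, SAMPLE):
        print(f"{entry['id']} {entry['status']:9} to {entry['rcpt']}: "
              f"received {entry['received']:%Y-%m-%d %H:%M:%S}Z, "
              f"{entry['age'].days} days before this log line; "
              f"defer({entry['errno']}) {entry['reason'][:45]}")
```

A reception time days older than the log line means the entry is a retry of a message that was already sitting in the Exim queue when the log line was written.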