0

i dont understand this lines in exim mainlog , may anybody explain this ? my server is sending spam and i need to stop it.

2015-04-25 07:51:42 1Ylqf0-0000TF-G1 DKIM: d=mandrillapp.com s=mandrill c=relaxed/relaxed a=rsa-sha256 i=@mandrillapp.com t=1429909592 [verification succeeded]
2015-04-25 07:51:42 1Ylqf0-0000TF-G1 H=mail134-14.atl141.mandrillapp.com [198.2.134.14] X=TLSv1:DHE-RSA-AES256-SHA:256 temporarily rejected DKIM : DKIM: Deferred. reason='pubkey_unavailable'
2015-04-25 07:51:23 H=www4153up.sakura.ne.jp (todaygoh**.com) [153.121.54.***] sender verify defer for <lixia@cq-l-tax.gov.cn>: host lookup did not complete
2015-04-25 07:51:23 H=www4153up.sakura.ne.jp (todaygoh**.com) [153.121.54.***] F=<lixia@cq-l-tax.gov.cn> temporarily rejected RCPT <info@mhostedsite.com>: Could not complete sender verify
2015-04-25 07:51:23 H=www4153up.sakura.ne.jp (todaygoh**.com) [153.121.54.***] incomplete transaction (RSET) from lixia@cq-l-tax.gov.cn

please note these sites is not hosted in my server

Ehsan Chavoshi
  • 121
  • 4

1 Answers1

1

This lihes have two different source

First two lines with message-ID 1Ylqf0-0000TF-G1 means that sender of message have poorly configured DKIM on his side. While his MTA do make the DKIM signing, his DNS records do not contains corresponding public key.

Last three lines belongs to other session that even do not pass the sender verification. If that verification required, your server have try to connect with the server mentioned as sender's mail server. If that server accept sender's email lixia@cq-l-tax.gov.cn than verificcation supposed to be successfully completed. But in your case sender's server cq-l-tax.gov.cn doesn't even exists, probably because sender's address is forged.

Kondybas
  • 6,864
  • 2
  • 19
  • 24