Exim mainlog meaning of the auth_relay log line

postcd

In /var/log/exim/mainlog were two lines related to my hosting account with username "user" and account domain "domain.net".
It is claimed to be related to SPAM and I want to ask if you can please explain in detail how to read these log lines so I can find exactly how the site is exploited by the spammer so I can fix this. Thank you.

messageid1 ** [email protected] F=<[email protected]> R=smart_route T=auth_relay H=smtp.mailchannels.net [52.35.171.68] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 5.7.1 [SS] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&[email protected]&txid=*

messageid2 ** [email protected] <[email protected]> F=<[email protected]> R=smart_route T=auth_relay H=smtp.mailchannels.net [34.223.74.227] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 5.7.1 [STFWRBL] Blocked. See https://console.mailchannels.net/[email protected]&txid=*
 



The error says your mails were blocked. You should refer to the linked pages for more details.
If it says it's related to SPAM without giving you details, you should check a few things:

  • Your Exim server has its IP in your domain's SPF record
  • If you have DMARC enabled, the email Return-Path field must match the sender domain
  • Your Exim server is not listed in any SPAM blacklist
  • You could also configure the reverse DNS of your Exim server's IP to match your domain
 
messageid1 ** [email protected] F=<[email protected]> R=smart_route T=auth_relay H=smtp.mailchannels.net [52.35.171.68] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 5.7.1 [SS] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&[email protected]&txid=*

As we can understand from the link I gave you:

messageid1 : message id
** : delivery failed; address bounced
[email protected] : the destination email
F=<[email protected]> : sender address
R=smart_route : the router name, here dynamic
T=auth_relay : not documented
H=smtp.mailchannels.net [52.35.171.68] : host name and IP (of the relay)
X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 : TLS cipher suite (the way it was encrypted)
CV=yes : certificate verification status
SMTP error from remote mail server after end of data : error message
550 : SMTP error code
5.7.1 : Detailed error code
[SS] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&[email protected]&txid=* : the message provided by the server


So what's happening? Your Exim server tries to send a message to [email protected] from [email protected] using an SMTP relay "mailchannels.net" but "mailchannels.net" refused to forward the message because "Blocked".
The reason why the message was blocked will not appear in your Exim log because it was decided on mailchannels.net. If you want more details you have to check the mailchannels link.

I don't know what's on the mailchannels page so I can't tell you exactly what's wrong, this is the reason why I gave you the most common reasons for such a problem to happen.

I hope I was explicit enough this time.
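
The field breakdown above as a small parser, added here as an example that is not part of the original thread. The sample lines are constructed (placeholder timestamps, message ids, addresses and documentation IPs), and the function and key names are assumptions of this example; it labels `T=` as the transport name, which is what Exim logs in that position on delivery lines.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the bounces quoted in the thread.
# Timestamps, message ids, addresses and IPs are placeholders.
SAMPLE = [
    "2017-07-08 10:00:01 1dTqA1-0001ab-Cd ** rcpt1@example.org F=<user@domain.net> "
    "R=smart_route T=auth_relay H=smtp.mailchannels.net [192.0.2.10] "
    "X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail "
    "server after end of data: 550 5.7.1 [SS] Blocked. See https://example.invalid/b?id=1",
    "messageid2 ** rcpt2@example.org <alias@domain.net> F=<user@domain.net> "
    "R=smart_route T=auth_relay H=smtp.mailchannels.net [192.0.2.11] "
    "X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail "
    "server after end of data: 550 5.7.1 [STFWRBL] Blocked.",
    "messageid3 => rcpt3@example.org F=<other@domain.net> R=smart_route "
    "T=auth_relay H=smtp.mailchannels.net [192.0.2.10] CV=yes",
]

# Optional timestamp, message id, delivery flag, address, optional <original address>.
LINE = re.compile(
    r"^(?:(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) )?(?P<msgid>\S+) "
    r"(?P<flag>\*\*|=>|->|==) (?P<rcpt>\S+)(?: <(?P<orig_rcpt>[^>]*)>)? (?P<rest>.*)$"
)

def parse_delivery(line):
    """Split one delivery line into the fields walked through in the thread."""
    m = LINE.match(line)
    if not m:
        return None
    rec = {k: v for k, v in m.groupdict().items() if k != "rest"}
    head, _, error = m["rest"].partition(": ")   # K=V fields end at the first ": "
    kv = dict(re.findall(r"(?:^| )([A-Z]{1,2})=(\S+)", head))
    ip = re.search(r"H=\S+ \[([^\]]+)\]", head)
    smtp = re.search(r"\b(\d{3}) (\d\.\d{1,3}\.\d{1,3})(?: \[(\w+)\])?", error)
    rec.update(
        sender=kv.get("F", "").strip("<>"), router=kv.get("R"),
        transport=kv.get("T"),              # T= names the transport on delivery lines
        host=kv.get("H"), host_ip=ip.group(1) if ip else None,
        tls=kv.get("X"), cert_verified=kv.get("CV"),
        smtp_code=smtp.group(1) if smtp else None,
        enhanced_code=smtp.group(2) if smtp else None,
        remote_tag=smtp.group(3) if smtp else None,   # relay's bracketed tag, e.g. SS
    )
    return rec

def bounces_by_sender(lines):
    """Count '**' bounces per (sender, remote tag) to show which address is rejected."""
    recs = filter(None, map(parse_delivery, lines))
    return Counter((r["sender"], r["remote_tag"]) for r in recs if r["flag"] == "**")

if __name__ == "__main__":
    for key, n in bounces_by_sender(SAMPLE).items():
        print(n, *key)
```

Run over a real mainlog, the per-sender counts show which local address the rejected mail is being sent as; the message ids of those lines can then be looked up in the same log to find the matching arrival (`<=`) entries.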
 
Since the bounce logs you have provided contain only limited information, it is not possible to provide a detailed explanation for that log.

As mentioned earlier, the relay server, smtp.mailchannels.net, has blocked the message with an error "550 5.7.1 [SS]". You may need to check this with mailchannels.net and collect the exact logs from their filter system, which will explain a bit more.
 
