Email Logs: Help Me Decipher
Hi, I am running Cpanel (Current Release) on RH9 with Apache and Exim MTA. I am using an exim mod that rejects incoming mail to the server based on RBL black list sites.
I see the following in logs quite often and I am trying to decipher this type of entry. The question is, I am wondering why my server IP # is being listed as "H=". In the below example, my server main ip is listed in parentheses. I have x'd out the main server IP so I can display the log entry here. Incidentally, I checked my main server IP # and it is not black listed anywhere.
----------- From /var/log/exim_mainlog ----------
2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<utjjqbwzi@yahoo.com> rejected RCPT <slopok@parkw.com>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
-------------------------------------------------------
So, this is telling me that IP #219.94.59.189 is black listed at dsbl.org. I get that. I get that IP 219.94.59.189 is the REAL sender or the origin IP of the incoming email. Right?
Okay. Why then, is my server IP number listed as "H=(xx.xx.xx.xx)"? Is this email being sent THROUGH my web server from a person at IP # 219.94.59.189? If so, is it likely a formprocessor script, or could it be a mailman mailing list?
I guess "H" stands for "HELO"?
I noticed that my server IP is NOT listed as "H=" in every log entry. So, I am guessing that when my IP is listed as "H=", that it means my server is being used as a relay? Maybe through a form?
-------- My Server IP is not listed as "H=" in every log entry. -----------
2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<aeldrafox@yahoo.com> rejected RCPT <ritaay@teamc.com>: Message rejected because (zipolite.com) [210.205.144.78] is blacklisted at dnsbl.njabl.org see open proxy -
2004-08-11 09:31:34 H=(xx.xx.xx.xx) [219.94.59.189] F=<utjjqbwzi@yahoo.com> rejected RCPT <slopok@parkwaydrivein.com>: Message rejected because (xx.xx.xx.xx) [219.94.59.189] is blacklisted at list.dsbl.org see http://dsbl.org/listing?ip=219.94.59.189
------------------------------------------------------------------
Any help from you will be much appreciated. I have searched these forums and others and have not been able to find this specific info about mail logs.
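
An added example, not part of the original post: a small Python parser for the rejection lines quoted above. In Exim's main log the value in parentheses after `H=` is the name the remote client gave in its HELO/EHLO command, unverified, and the address in square brackets is the host that actually connected. The address 192.0.2.10 stands in for the redacted server IP, and the function names and verdict labels are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the two log lines from the post, with the redacted
# server address replaced by 192.0.2.10 (a documentation address, assumed).
SERVER_IPS = {"192.0.2.10"}
SAMPLE = [
    "2004-08-11 09:41:29 H=(zipolite.com) [210.205.144.78] F=<aeldrafox@yahoo.com> "
    "rejected RCPT <ritaay@teamc.com>: Message rejected because (zipolite.com) "
    "[210.205.144.78] is blacklisted at dnsbl.njabl.org see open proxy -",
    "2004-08-11 09:31:34 H=(192.0.2.10) [219.94.59.189] F=<utjjqbwzi@yahoo.com> "
    "rejected RCPT <slopok@parkw.com>: Message rejected because (192.0.2.10) "
    "[219.94.59.189] is blacklisted at list.dsbl.org see "
    "http://dsbl.org/listing?ip=219.94.59.189",
]

# H=<verified name> (<HELO name>) [<peer IP>]; the verified name is absent
# when Exim has none, and parentheses mark the HELO name as unverified.
REJECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) H=(?:(?P<rdns>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<peer>[^\]]+)\] F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>"
    r": (?P<reason>.*)$"
)
DNSBL_RE = re.compile(r"is blacklisted at (\S+)")  # wording used by the post's exim mod

def classify_helo(helo, peer, server_ips):
    """Label the client-supplied HELO string; it is a claim, never proof."""
    try:
        claimed = str(ipaddress.ip_address((helo or "").strip("[]")))
    except ValueError:
        return "unverified-hostname" if helo else "no-helo"
    if claimed == peer:
        return "peer-ip-literal"
    if claimed in server_ips:
        return "claims-our-ip"  # remote peer announced the receiving server's address
    return "foreign-ip-literal"

def parse_reject(line, server_ips=SERVER_IPS):
    """Split one 'rejected RCPT' line into fields, or return None if it is another kind."""
    m = REJECT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    bl = DNSBL_RE.search(rec["reason"])
    rec["dnsbl"] = bl.group(1) if bl else None
    rec["helo_verdict"] = classify_helo(rec["helo"], rec["peer"], server_ips)
    return rec

if __name__ == "__main__":
    for entry in SAMPLE:
        r = parse_reject(entry)
        print(r["peer"], r["helo"], r["helo_verdict"], r["dnsbl"])
```

Run over a full exim_mainlog, the `claims-our-ip` verdict separates entries where a remote peer merely typed the server's address as its HELO name from entries where the connecting address itself is local.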