I am getting blacklisted
Added 6 months ago
You have been blacklisted and you want to know why.
zgrep -i relay /var/mailcleaner/log/exim_stage1/mainlog.*.gz | grep 'sender ' | sed 's/.*sender //' | sed 's/ on port 25//' |sort -n |uniq -c |sort -n
will give you the person who relayed the most through your MailCleaner server (you can adapt this about the log files taken into consideration)
for the current day use /var/mailcleaner/log/exim_stage1/mainlog
for yesterday use /var/mailcleaner/log/exim_stage1/mainlog.1
and for previous day increase the number right before .gz starting with /var/mailcleaner/log/exim_stage1/mainlog.2.gz
The previous command will parse from 2 days before current date to 9 days before current date.
Make sure the behaviour you see is wanted. If it is not, please change the password for the concerned user : his account was probably compromised and is used to relay spams.
Before changing the password you can add his address to :
Configuration -> SMTP -> Connection Control->Reject these authenticated users
Configuration -> SMTP -> Connection Control->Reject these senders addresses :
and re enable the sender once the password is changed.
If the source wasnt here, please check how you configured :
Configuration->SMTP->Connection control -> Allow external relaying for these hosts and Allow relaying from unknown domains
Also verify if all domains using:
Configuration->Domains-> -> Outgoing relay -> Allow users to use SMTP authentication
all require to be relayed via MailCleaner. Usually a domain will be relayed by its own mail server (the one usually used as destination server for the domain).