On Thu, Mar 30, 2023 at 12:00:01PM +0300, Reco wrote: > Hi. > > On Thu, Mar 30, 2023 at 09:30:49AM +0100, Julian Gilbey wrote: > > I wonder if anyone has any idea about how to track this down? > > I'd check /var/log/exim4/mainlog first, obviously. > For instance, your mail was sent to my MTA by bendel.d.o, as is > should be: > > $ grep ZmNnhCgr7-N.A.uSE.A2UJkB /var/log/exim4/mainlog > 2023-03-30 10:51:15 1pho03-0000QZ-9B <= > bounce-debian-user=deb=enotuniq....@lists.debian.org H=bendel.debian.org > [82.195.75.100] P=esmtps > X=TLS1.3:ECDHE_X25519__ECDSA_SECP384R1_SHA384__AES_256_GCM:256 CV=no S=5087 > id=ZmNnhCgr7-N.A.uSE.A2UJkB@bendel
Hi Reco, Thanks! The log seems quite unhelpful here, though I may be missing something. Here is an example: 2023-03-29 00:07:19 1phIPT-0047NQ-0H <= <> H=(LOCALHOSTNAME) [::1] P=smtp S=2878 2023-03-29 00:07:19 1phIPT-0047NQ-0H ** frpjxbkek...@sport.qc.ca <frpjxbkek...@sport.qc.ca> R=nonlocal: Mailing to remote domains not supported 2023-03-29 00:07:19 1phIPP-0047NT-0V <= <> R=1phIPT-0047NQ-0H U=Debian-exim P=local S=667 2023-03-29 00:07:19 1phIPT-0047NQ-0H Frozen (delivery error message) 2023-03-29 00:13:24 1phIPT-0047NQ-0H Message is frozen ...and lots of repeats of this last message until I manually deleted the message. (I've replaced my local machine name with "LOCALHOSTNAME" in the above.) It seems to have originated locally ([::1]), which is why I wonder whether I've got a virus of some sort. On my internet-facing host, these messages appear to originate from a Canadian ISP, but I don't know whether to believe it, given what's happening on my other machine. Best wishes, Julian
