first box:
QUOTE
av_scanner = clamd:/var/clamd
acl_smtp_connect = acl_check_host
acl_smtp_mail = acl_check_sender
domainlist rv_rbl_receiver_domain_whitelist = lsearch;/usr/local/cpanel/base/eximacl/rv_rbl_receiver_domain_whitelist
hostlist rv_rbl_server_ip_whitelist = net-iplsearch;/usr/local/cpanel/base/eximacl/rv_rbl_server_ip_whitelist
addresslist rv_rbl_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/rv_rbl_sender_address_whitelist
addresslist rv_spam_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/rv_spam_sender_address_whitelist
hostlist rv_relay_hosts = net-iplsearch;/etc/relayhosts
# For debugging purpose add +subject and +argument.
# It will show the subject of email and the folder of the script invoking sendmail.
#
# 200c-04-22 00:50:19 cwd=/home/username/public_html/spamsource 3 args: /usr/sbin/sendmail -t -i
#
# You will find spammer on your server easier.
# log_selector = -host_lookup_failed -lost_incoming_connection
log_selector = +subject +arguments -host_lookup_failed -lost_incoming_connection
acl_smtp_connect = acl_check_host
acl_smtp_mail = acl_check_sender
domainlist rv_rbl_receiver_domain_whitelist = lsearch;/usr/local/cpanel/base/eximacl/rv_rbl_receiver_domain_whitelist
hostlist rv_rbl_server_ip_whitelist = net-iplsearch;/usr/local/cpanel/base/eximacl/rv_rbl_server_ip_whitelist
addresslist rv_rbl_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/rv_rbl_sender_address_whitelist
addresslist rv_spam_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/rv_spam_sender_address_whitelist
hostlist rv_relay_hosts = net-iplsearch;/etc/relayhosts
# For debugging purpose add +subject and +argument.
# It will show the subject of email and the folder of the script invoking sendmail.
#
# 200c-04-22 00:50:19 cwd=/home/username/public_html/spamsource 3 args: /usr/sbin/sendmail -t -i
#
# You will find spammer on your server easier.
# log_selector = -host_lookup_failed -lost_incoming_connection
log_selector = +subject +arguments -host_lookup_failed -lost_incoming_connection
From the 3 boxes:
1st of the 3:
QUOTE
#!!# This ACL is used at the start of an incoming connection.
#!!# The tests are run in order until the connection is
#!!# either accepted or denied.
acl_check_host:
##
# Reject email sent from mail server IP listed in the blacklist
##
deny message = Host $sender_host_address is blocked
hosts = /usr/local/cpanel/base/eximacl/rv_server_ip_blacklist
delay = 3s
accept
#!!# This ACL is used for the MAIL FROM: command in an
#!!# incoming SMTP transaction. The tests are run in order until the
#!!# sender address is either accepted or denied.
acl_check_sender:
##
# Reject email sent from sender listed in the blacklist
##
deny message = Sender $sender_address is blocked
senders = /usr/local/cpanel/base/eximacl/rv_sender_address_blacklist
delay = 3s
accept
#!!# The tests are run in order until the connection is
#!!# either accepted or denied.
acl_check_host:
##
# Reject email sent from mail server IP listed in the blacklist
##
deny message = Host $sender_host_address is blocked
hosts = /usr/local/cpanel/base/eximacl/rv_server_ip_blacklist
delay = 3s
accept
#!!# This ACL is used for the MAIL FROM: command in an
#!!# incoming SMTP transaction. The tests are run in order until the
#!!# sender address is either accepted or denied.
acl_check_sender:
##
# Reject email sent from sender listed in the blacklist
##
deny message = Sender $sender_address is blocked
senders = /usr/local/cpanel/base/eximacl/rv_sender_address_blacklist
delay = 3s
accept
2nd of the 3:
QUOTE
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
drop hosts = /etc/exim_deny
message = Connection denied after dictionary attack
log_message = Connection denied from $sender_host_address after dictionary attack
drop message = Appears to be a dictionary attack
log_message = Dictionary attack (after $rcpt_fail_count failures)
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
condition = ${run{/etc/apf/apf -d $sender_host_address exim }{yes}{no}}
!verify = recipient
# Accept bounces to lists even if callbacks or other checks would fail
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
#if it gets here it isn't mailman
#sender verifications are required for all messages that are not sent to lists
require verify = sender
##
# Be polite and say HELO. Reject anything from hosts that havn't given
# a valid HELO/EHLO to us.
##
deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
delay = 3s
##
# Forged hostname -HELOs as one of my own IPs
##
# Forged HELO (our ip/hostname)
deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
delay = 3s
##
# Forged hostname - HELOs as my own hostname or domain
##
deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.
# accept helo which is in local_domain if we relay or had smtp auth
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
delay = 3s
##
# Hacked HELO (DOMAIN.com) (constructed by viruses)
##
deny message = Hacked HELO: you are not $sender_helo_name
condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
delay = 3s
##
# Reject email sent from server listed in DNS blacklists.
##
deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
# RBL Bypass Local Domain List
!domains = +rv_rbl_receiver_domain_whitelist
# RBL Whitelist Incoming hosts
!hosts = +rv_rbl_server_ip_whitelist
# RBL Bypass Sender Domain List
!senders = +rv_rbl_sender_address_whitelist
# The following is a list of RBL to check for spam.
dnslists = list.dsbl.org : \
sbl.spamhaus.org : \
relays.ordb.org
delay = 3s
##
# If the receiver domain is on this server, accept only the receiver email addresses that exist.
# Default address for the receiver domain have to set to :fail: to work with this ACL.
# If the default address set to :blackhole: or /dev/null, Exim will always think that email exist
# and pass to lower ACL. Domains being attacked by dictionary attack spam are suggested to set
# default address to :fail:.
##
accept domains = +local_domains
endpass
message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
log_message = unknown user
verify = recipient
accept domains = +relay_domains
warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts
warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}
accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *
deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
##
# Reject messages with serious MIME container errors
##
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
##
# Reject messages attach illegal extension files
##
deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
# You might need to remove some of these extensions if you want to allow your user get these files
demime = bat:cmd:com:cpl:pif:reg:scr
##
# Reject messages attach attach a file with a CLSID in the name
# which causes Windows to hide the file extension.
##
deny message = Hiding of file extensions(CLSID hidden) is not allowed.
regex = ^(?i)Content-Disposition:
.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
##
# Add a warning header if email contains illegal extension files but acccept the message
##
warn message = X-Antivirus-Filetype: Infected - $found_extension
# You might need to remove some of these extensions if you want to allow your user get these files
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:
sc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
##
# Add a warning header if email contains Virus but acccept the message
##
warn message = X-Antivirus-Scanner: Infected - $malware_name
demime = *
malware = */defer_ok
# Accept Sender that usually send a lot of emails to minimize spamd load
accept senders = +rv_spam_sender_address_whitelist
accept hosts = @[]
accept hosts = +rv_relay_hosts
accept authenticated = *
# Messages larger than 200k are accepted without spam scanning to reduce spamd load
accept condition = ${if >{$message_size}{200k}{true}}
##
# Reject spam messages with score over 15.
# Keep in mind that $spam_score_int is the messages score multiplied by ten.
##
deny message = Spam score too high ($spam_score)
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{150}{1}{0}}
##
# Add a warning header if email scored between 12 and 15.
# Delete email in the System Filter File, if sender or receiver is not listed in the whitelists.
##
warn message = X-Exiscan-SA-Spam: Yes
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{120}{1}{0}}
##
# Rewrite subject if email scored between 9 and 15.
##
# Always put X-Spam-Score header in the message.
# It looks like this:
# X-Exiscan-SA-Score: 6.6 (++++++)
# When a MUA cannot match numbers, it can match for an
# equivalent number of '+' signs.
warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\
# Put X-Spam-Report header in the message.
# This is a multiline header that informs the user
# which tests a message has "hit", and how much a
# test has contributed to the score.
\nX-Exiscan-SA-Report: $spam_report\
# For the subject tag, we prepare a new subject header in the
# ACL, then swap it with the original Subject in the system filter.
\nX-Exiscan-SA-New-Subject: *SPAM* $h_subject:
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{90}{1}{0}}
accept
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
drop hosts = /etc/exim_deny
message = Connection denied after dictionary attack
log_message = Connection denied from $sender_host_address after dictionary attack
drop message = Appears to be a dictionary attack
log_message = Dictionary attack (after $rcpt_fail_count failures)
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
condition = ${run{/etc/apf/apf -d $sender_host_address exim }{yes}{no}}
!verify = recipient
# Accept bounces to lists even if callbacks or other checks would fail
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
#if it gets here it isn't mailman
#sender verifications are required for all messages that are not sent to lists
require verify = sender
##
# Be polite and say HELO. Reject anything from hosts that havn't given
# a valid HELO/EHLO to us.
##
deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
delay = 3s
##
# Forged hostname -HELOs as one of my own IPs
##
# Forged HELO (our ip/hostname)
deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
delay = 3s
##
# Forged hostname - HELOs as my own hostname or domain
##
deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.
# accept helo which is in local_domain if we relay or had smtp auth
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
delay = 3s
##
# Hacked HELO (DOMAIN.com) (constructed by viruses)
##
deny message = Hacked HELO: you are not $sender_helo_name
condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
delay = 3s
##
# Reject email sent from server listed in DNS blacklists.
##
deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
# RBL Bypass Local Domain List
!domains = +rv_rbl_receiver_domain_whitelist
# RBL Whitelist Incoming hosts
!hosts = +rv_rbl_server_ip_whitelist
# RBL Bypass Sender Domain List
!senders = +rv_rbl_sender_address_whitelist
# The following is a list of RBL to check for spam.
dnslists = list.dsbl.org : \
sbl.spamhaus.org : \
relays.ordb.org
delay = 3s
##
# If the receiver domain is on this server, accept only the receiver email addresses that exist.
# Default address for the receiver domain have to set to :fail: to work with this ACL.
# If the default address set to :blackhole: or /dev/null, Exim will always think that email exist
# and pass to lower ACL. Domains being attacked by dictionary attack spam are suggested to set
# default address to :fail:.
##
accept domains = +local_domains
endpass
message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
log_message = unknown user
verify = recipient
accept domains = +relay_domains
warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts
warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}
accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *
deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
##
# Reject messages with serious MIME container errors
##
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
##
# Reject messages attach illegal extension files
##
deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
# You might need to remove some of these extensions if you want to allow your user get these files
demime = bat:cmd:com:cpl:pif:reg:scr
##
# Reject messages attach attach a file with a CLSID in the name
# which causes Windows to hide the file extension.
##
deny message = Hiding of file extensions(CLSID hidden) is not allowed.
regex = ^(?i)Content-Disposition:
.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$##
# Add a warning header if email contains illegal extension files but acccept the message
##
warn message = X-Antivirus-Filetype: Infected - $found_extension
# You might need to remove some of these extensions if you want to allow your user get these files
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:
sc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
##
# Add a warning header if email contains Virus but acccept the message
##
warn message = X-Antivirus-Scanner: Infected - $malware_name
demime = *
malware = */defer_ok
# Accept Sender that usually send a lot of emails to minimize spamd load
accept senders = +rv_spam_sender_address_whitelist
accept hosts = @[]
accept hosts = +rv_relay_hosts
accept authenticated = *
# Messages larger than 200k are accepted without spam scanning to reduce spamd load
accept condition = ${if >{$message_size}{200k}{true}}
##
# Reject spam messages with score over 15.
# Keep in mind that $spam_score_int is the messages score multiplied by ten.
##
deny message = Spam score too high ($spam_score)
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{150}{1}{0}}
##
# Add a warning header if email scored between 12 and 15.
# Delete email in the System Filter File, if sender or receiver is not listed in the whitelists.
##
warn message = X-Exiscan-SA-Spam: Yes
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{120}{1}{0}}
##
# Rewrite subject if email scored between 9 and 15.
##
# Always put X-Spam-Score header in the message.
# It looks like this:
# X-Exiscan-SA-Score: 6.6 (++++++)
# When a MUA cannot match numbers, it can match for an
# equivalent number of '+' signs.
warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\
# Put X-Spam-Report header in the message.
# This is a multiline header that informs the user
# which tests a message has "hit", and how much a
# test has contributed to the score.
\nX-Exiscan-SA-Report: $spam_report\
# For the subject tag, we prepare a new subject header in the
# ACL, then swap it with the original Subject in the system filter.
\nX-Exiscan-SA-New-Subject: *SPAM* $h_subject:
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{90}{1}{0}}
accept
3rd of the 3: (nothing)
QUOTE
Questions and problems found:
-------------------
Rules error:
QUOTE
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2'
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN'
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2'
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN'
Nov 18 19:57:30 host spamd[30586]: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score
spamReport is it right ?
QUOTE
# perl spamReport.pl 0
Exim statistics from 2006-11-18 00:06:22 to 2006-11-18 19:30:41
Grand total summary
-------------------
At least one address
TOTAL Volume Messages Hosts Delayed Failed
Received 20MB 339 167 22 6.5% 99 29.2%
Delivered 15MB 341 24
User Specified Patterns
-----------------------
Total
Total mail blocked:........................................................................
......... 698
Verify sender at SMTP time:.......................................................................... 9
Spam mail blocked by manual blacklist sender at the SMTP time:....................................... 1
Spam mail blocked by manual blacklist host address at the SMTP time:................................. 0
Spam mail blocked by auto black list SA high score at the SMTP time:................................. 0
Spam mail blocked by invalid HELO at the SMTP time:.................................................. 12
Spam mail blocked by setting default address to :fail: at the SMTP time:............................. 104
Spam mail blocked by auto black list after dictionary attack the SMTP time:.......................... 77
Spam mail blocked by RBL at the SMTP time:........................................................... 93
Spam mail blocked by illegal File extension at the SMTP time and discarded after recieving email:.... 1
Spam mail blocked by virus scanner at the SMTP time or discarded after recieving email:.............. 0
Spam mail blocked by SA at the SMTP time or discarded after recieving email:......................... 401
Spam mail discared by SA high score (12-15) after recieving email:................................... 82
Exim statistics from 2006-11-18 00:06:22 to 2006-11-18 19:30:41
Grand total summary
-------------------
At least one address
TOTAL Volume Messages Hosts Delayed Failed
Received 20MB 339 167 22 6.5% 99 29.2%
Delivered 15MB 341 24
User Specified Patterns
-----------------------
Total
Total mail blocked:........................................................................
......... 698
Verify sender at SMTP time:.......................................................................... 9
Spam mail blocked by manual blacklist sender at the SMTP time:....................................... 1
Spam mail blocked by manual blacklist host address at the SMTP time:................................. 0
Spam mail blocked by auto black list SA high score at the SMTP time:................................. 0
Spam mail blocked by invalid HELO at the SMTP time:.................................................. 12
Spam mail blocked by setting default address to :fail: at the SMTP time:............................. 104
Spam mail blocked by auto black list after dictionary attack the SMTP time:.......................... 77
Spam mail blocked by RBL at the SMTP time:........................................................... 93
Spam mail blocked by illegal File extension at the SMTP time and discarded after recieving email:.... 1
Spam mail blocked by virus scanner at the SMTP time or discarded after recieving email:.............. 0
Spam mail blocked by SA at the SMTP time or discarded after recieving email:......................... 401
Spam mail discared by SA high score (12-15) after recieving email:................................... 82
Did i did any configuration wrong at any exim boxes ?
