I have a question about exim_mainlog.
I am currently investigating a server that was used to send out spam. The log is full of messages (about 12 per min) that read:
2012-04-04 11:42:55 1SFNfz-0005Nv-EN => user R=localuser T=local_delivery
I have omitted the domain and user.
Does this log indicate that this server is not sending mail, but receiving mail from some other source?
Best Answer
That log means that the message ID 1SFNfz-0005Nv-EN was routed through the localuser router and ultimately delivered via the local_delivery transport.
Without looking at your config in detail, it's impossible to know what exactly happened, but unless you've changed a lot, it's fairly safe to say that the mail was sent to user@example.com where user is an actual user on your mailserver, and example.com is a local domain for exim to deliver to.
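An added example (not part of the original answer, and not Exim's own code): a small Python parser for the main log line format discussed above, which tallies arrivals (`<=`) and deliveries (`=>`) by whether a remote host (`H=`) is involved and by router and transport. The sample lines are constructed, and the `dnslookup` and `remote_smtp` names are assumed from Exim's default configuration.

```python
import re
from collections import Counter

# Constructed sample in Exim main log format (not taken from the original post).
SAMPLE_LOG = """\
2012-04-04 11:42:50 1SFNfz-0005Nv-EN <= sender@example.net H=mail.example.net [192.0.2.10] P=esmtp S=2048
2012-04-04 11:42:55 1SFNfz-0005Nv-EN => user <user@example.com> R=localuser T=local_delivery
2012-04-04 11:42:55 1SFNfz-0005Nv-EN Completed
2012-04-04 11:43:01 1SFNg5-0005Pa-2B <= user@example.com U=user P=local S=900
2012-04-04 11:43:03 1SFNg5-0005Pa-2B => rcpt@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7]
2012-04-04 11:43:03 1SFNg5-0005Pa-2B Completed
"""

# Timestamp, message ID, two-character event flag, remainder of the line.
LINE = re.compile(
    r"^(\S+ \S+) ([0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) "
    r"(<=|=>|->|\*\*|==) (.*)$"
)
# KEY=value fields such as R= (router), T= (transport), H= (host).
FIELD = re.compile(r"(?:^|\s)([A-Z]+)=(\S+)")

def parse(line):
    """Return (msg_id, flag, fields), or None for lines without an event flag."""
    m = LINE.match(line)
    if not m:
        return None  # e.g. "Completed" lines
    fields = {}
    for key, value in FIELD.findall(m.group(4)):
        fields.setdefault(key, value)  # keep the first occurrence of each key
    return m.group(2), m.group(3), fields

def summarize(log_text):
    """Count arrivals by origin and deliveries by (side, router, transport)."""
    arrivals, deliveries = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        _, flag, f = rec
        # Assumption: H= is logged only when a remote host is involved.
        side = "remote" if "H" in f else "local"
        if flag == "<=":
            arrivals[side] += 1
        elif flag in ("=>", "->"):
            deliveries[(side, f.get("R"), f.get("T"))] += 1
    return arrivals, deliveries

if __name__ == "__main__":
    arrivals, deliveries = summarize(SAMPLE_LOG)
    print("arrivals:", dict(arrivals))
    for key, count in deliveries.items():
        print(count, *key)
```

On a server suspected of sending spam, a high count of remote deliveries paired with local arrivals (no `H=` on the `<=` line) is the pattern to look at first; lines like the one in the question fall in the local delivery bucket.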