In /var/log/exim/mainlog were two lines related to my hosting account with username "user" and account domain "domain.net". It is claimed to be related to SPAM and I want to ask if you can please explain in detail how to read these log lines so I can find exactly how the site is exploited by the spammer so I can fix this. Thank you.

messageid1 ** me@gmail.com F=<user@domain.net> R=smart_route T=auth_relay H=smtp.mailchannels.net [52.35.171.68] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 5.7.1 [SS] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&sender=user%40domain.net&txid=*

messageid2 ** me@gmail.com <mymailbox@domain.net> F=<dureotaraletnokoem@cox.net> R=smart_route T=auth_relay H=smtp.mailchannels.net [34.223.74.227] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 5.7.1 [STFWRBL] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&sender=srs0%3Dnaob51%3Dyx%3Dcox.net%3Ddureotaraletnokoem%40domain.net&txid=*
Are you using cPanel? If yes, you can learn how to read and understand it here: https://forums.cpanel.net/resources/reading-and-understanding-the-exim-main_log.383/
>> SMTP error from remote mail server after end of data: 550 5.7.1 [SS] Blocked

From the above bounce error it appears the remote email server has detected abuse originating from your email account. The "550 5.7.1 [SS]" error indicates that the subject line in this/these message(s) contained one or multiple spam-like keywords commonly used on abusive or unsolicited email, which caused the remote email filter to block the email.
Thanks, another explanation of the:

messageid1 ** me@gmail.com F=<user@domain.net> R=smart_route T=auth_relay H=smtp.mailchannels.net [52.35.171.68] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 5.7.1 [SS] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&sender=user@domain.net&txid=*

here:

messageid1 : message id
** : delivery failed; address bounced
me@gmail.com : the destination email
F=<user@domain.net> : sender address
R=smart_route : the router name, here dynamic
T=auth_relay : not documented
H=smtp.mailchannels.net [52.35.171.68] : host name and IP (of the relay)
X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 : TLS cipher suite (the way it was encrypted)
CV=yes : certificate verification status
SMTP error from remote mail server after end of data : error message
550 : SMTP error code
5.7.1 : detailed error code
[SS] Blocked. See https://console.mailchannels.net/insights/bounce?auid=*&sender=user@domain.net&txid=* : the message provided by the server

So what's happening? Your Exim server tries to send a message to me@gmail.com from user@domain.net using an SMTP relay "mailchannels.net", but "mailchannels.net" didn't accept to forward the message because "Blocked".
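The field breakdown in the post above, turned into a small parser (an added example, not part of any post in this thread). It runs on the two lines from the question and groups bounces by envelope sender, relay tag and delivery path; the `path` label relies on Exim's convention of logging the pre-redirect address in angle brackets, which the thread does not discuss, and all function and key names are made up for the example.

```python
import re
from collections import Counter

# The two lines from the question (ids are the poster's placeholders; bounce URL omitted).
SAMPLE = [
    "messageid1 ** me@gmail.com F=<user@domain.net> R=smart_route T=auth_relay "
    "H=smtp.mailchannels.net [52.35.171.68] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: "
    "SMTP error from remote mail server after end of data: 550 5.7.1 [SS] Blocked.",
    "messageid2 ** me@gmail.com <mymailbox@domain.net> F=<dureotaraletnokoem@cox.net> "
    "R=smart_route T=auth_relay H=smtp.mailchannels.net [34.223.74.227] "
    "X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=yes: "
    "SMTP error from remote mail server after end of data: 550 5.7.1 [STFWRBL] Blocked.",
]

# Optional timestamp, id, "**" (failed delivery), recipient, optional <original address>,
# KEY=value fields, then ": " and the error text.
LINE = re.compile(
    r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d:\d\d )?(?P<id>\S+) \*\* (?P<rcpt>\S+)"
    r"(?: <(?P<orig>[^>]+)>)?(?P<fields>(?: [A-Z]+=\S+(?: \[[^\]]+\])?)*): (?P<error>.*)$")
FIELD = re.compile(r" ([A-Z]+)=(\S+(?: \[[^\]]+\])?)")
STATUS = re.compile(r"\b(\d{3}) (\d\.\d+\.\d+)(?: \[(\w+)\])?")


def parse_bounce(line):
    """Return a dict for one '**' line, or None if the line is not a failed delivery."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {"id": m["id"], "rcpt": m["rcpt"], "orig": m["orig"], "error": m["error"]}
    rec.update(FIELD.findall(m["fields"]))          # adds F, R, T, H, X, CV
    rec["F"] = rec.get("F", "").strip("<>")
    s = STATUS.search(m["error"])
    rec["smtp"], rec["enhanced"], rec["tag"] = s.groups() if s else (None, None, None)
    # Assumption from Exim's log format: <...> after the recipient is the address
    # before an alias or forwarder rewrote it.
    rec["path"] = "redirected" if m["orig"] else "direct"
    return rec


def summarize(lines):
    """Count bounces per (envelope sender, relay tag, path) to show where to look first."""
    recs = filter(None, map(parse_bounce, lines))
    return Counter((r["F"], r["tag"], r["path"]) for r in recs)


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

A sender at your own domain on a `direct` path points at something on the account submitting mail, while a foreign sender on a `redirected` path points at a forwarder passing on mail that arrived from outside.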
Since the bounce logs you have provided contain only limited information, it is not possible to provide a detailed explanation for that log. As mentioned earlier, the relay server, smtp.mailchannels.net, has blocked the message with the error "550 5.7.1 [SS]". You may need to check this with mailchannels.net and collect the exact logs from their filter system, which will explain a bit more.