https://bugs.exim.org/show_bug.cgi?id=2250
--- Comment #6 from David Carter <[email protected]> --- > It's a puzzler. The fact that I only seem to see these errors for messages from lists.cam.ac.uk is curious. Actually, no: If I search my logs for the last 28 days I _do_ find some examples involving sending systems other than lists.cam.ac.uk. However only a handful of errors compared to the dozens of errors involving our lists system each day: 2018-02-15 07:45:42 +0000 SMTP syntax error in "RCPT TO:<XXXXX@?am.ac.uk>" H=mr011msr.fastwebnet.it [85.18.95.111]:37122 I=[131.111.8.146]:25 NULL character(s) present (shown as '?') 2018-02-16 16:14:42 +0000 SMTP syntax error in "RCPT TO:[email protected]>" H=mailgate.admin.cam.ac.uk (acn-sophos1.internal.admin.cam.ac.uk) [131.111.150.75]:55429 I=[131.111.8.136]:25 NULL character(s) present (shown as '?') 2018-02-21 12:58:39 +0000 SMTP syntax error in "RCPT TO:<[email protected]>" H=webmail-1a.csi.cam.ac.uk [131.111.9.32]:41818 I=[131.111.8.136]:25 NULL character(s) present (shown as '?') 2018-02-22 13:45:08 +0000 SMTP syntax error in "RCPT TO:<[email protected]>" H=mailgate.admin.cam.ac.uk (megara.internal.admin.cam.ac.uk) [131.111.150.75]:46705 I=[131.111.8.136]:25 NULL character(s) present (shown as '?') 2018-03-05 09:44:46 +0000 SMTP syntax error in "RCPT TO:<[email protected].?k>" H=webmail-1a.csi.cam.ac.uk [131.111.9.32]:37634 I=[131.111.8.136]:25 NULL character(s) present (shown as '?') lists.cam.ac.uk will by far the largest source of bulk email on our network. mailgate.admin.cam.ac.uk is another other obvious source of bulk mailshots. Occasionally people do insist on using our webmail system to send bulk email, regardless of what we tell them. However the examples above do include a single example over the last 28 days of an external system running into the same problem when it tried to send us email. 2018-02-15 07:45:42 +0000 SMTP syntax error in "RCPT TO:<XXXXX@?am.ac.uk>" H=mr011msr.fastwebnet.it [85.18.95.111]:37122 I=[131.111.8.146]:25 NULL character(s) present (shown as '?') That specific message appears to have been spam sent to around 5 expired cam.ac.uk addresses, two existing cam.ac.uk addresses as well as the XXXXX@?am.ac.uk, where XXXX corresponds to an existing account. Unfortunately that seems to be a counter example to the whole "only bulk email is affected" theory, assuming that the spammer hasn't just messed up somehow. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
