[Exim] Broken in...

Author: Gururajan Ramachandran
Date:  
To: exim-users
Subject: [Exim] Broken in...
Hello,

It seems someone found a hole in our Exim 3.12 system over the weekend and
started using our email server to relay junk email. Relaying was already turned
off. They found some other hole by using a specific username. I have had to
turn off this username via the system filter to temporarily disable the stream of email
filling up the mail queue. Now the log has a whole bunch of messages that look like
this:

2002-07-15 13:30:42 17U9gI-0000uU-00 <= user@ourdomain U=user P=local S=1168
2002-07-15 13:30:42 17U9gI-0000uU-00 => discarded (message_filter)
2002-07-15 13:30:42 17U9gI-0000uU-00 Completed

I have changed the actual username and domain but the general idea should be clear.

The problem is that it does not list sending host or any other info. I do not have enough
knowledge to figure out how to track down where this stuff is coming from...

Does anybody know how I can shut this off? It seems the Exim system thinks these
emails are actually being generated locally?

I found the "forbid_domain_literals" option and set it to true and restarted Exim 3.12,
but maybe that was not the solution.

Please help, as I need to make this username accessible again because internal automated emails
are generated via this username.

Thanks,

Guru
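
The log lines quoted in the post carry U= and P=local but no H= field, which in Exim's log format marks a message handed to Exim by a process on the machine itself rather than received over SMTP from a remote host. As an added example (not part of the original post), this script tallies such arrivals per local account; the sample log is constructed from the post's lines plus one invented remote arrival for contrast.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format. The first three lines mirror the
# post; the second local arrival and the remote (H=) line are invented.
SAMPLE_LOG = """\
2002-07-15 13:30:42 17U9gI-0000uU-00 <= user@ourdomain U=user P=local S=1168
2002-07-15 13:30:42 17U9gI-0000uU-00 => discarded (message_filter)
2002-07-15 13:30:42 17U9gI-0000uU-00 Completed
2002-07-15 13:30:43 17U9gJ-0000uV-00 <= user@ourdomain U=user P=local S=1170
2002-07-15 13:31:02 17U9gc-0000uW-00 <= a@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2048
"""

# "<date> <time> <message-id> <= <sender> <fields...>"
ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) (.*)$")
# Single-letter log fields such as U=, H=, P=, S=
FIELD = re.compile(r"\b([A-Z])=(\S+)")


def parse_arrivals(log_text):
    """Yield one dict per '<=' (message arrival) line; skip all other lines."""
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        stamp, msg_id, sender, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        yield {"time": stamp, "id": msg_id, "sender": sender,
               "user": fields.get("U"), "host": fields.get("H"),
               "proto": fields.get("P")}


def local_submissions(log_text):
    """Count arrivals per local account that were injected by a process on
    this machine: P=local with a U= login and no H= sending host."""
    counts = Counter()
    for a in parse_arrivals(log_text):
        if a["proto"] == "local" and a["user"] and a["host"] is None:
            counts[a["user"]] += 1
    return counts


if __name__ == "__main__":
    for user, n in local_submissions(SAMPLE_LOG).most_common():
        print(f"{user}: {n} locally submitted message(s), no remote host logged")
```

An account with a high count here points at something running under that login on the server (a cron job, a CGI script, a shell session), so the timestamps are best correlated with web server and process accounting logs rather than with SMTP connection logs.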