Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Georges Arnould
CC: exim-users
Subject: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
Georges Arnould wrote:
> Hi there,
>
>     I suppose that this has may be been discussed in this list but I just
> subscribed. A forward of an 'answering message' will be fine for me :o)

>
>     I run an exim 3.36 on a backup MX and it seems that some hackers managed
> to bypass the AUTH protection. Yesterday, I received about 6000 mails for
> relay purpose and the sender used auth : "fixed_login:admin" in logs.

>
>     Because of the goal of this computer, I closed the AUTH facilities, but
> here are my questions :

>
>     - Is there something I should know about this problem, like a patch to
> apply ?
>     - Is Exim 4.10 vulnerable to the same problem ?

>
>     Thank's in advance for any helping informations you could send,


I bet your authenticator config is broken, if it can't lookup the
username it will accept anything as password, try it yourself.

Show use your auth-config, and we can help you.

Nico