Author: Frank S. Bernhardt Date: To: Georges Arnould CC: Nico Erfurth, exim-users Subject: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
Just a thought, but are you sure that the relay came from outside your
sub-net? Is it possible that one of your internal systems was
compromised in some way and that the internal system was used to send
out the spam?
Georges Arnould wrote: >>in general you should verify that you lookup SOME password, I used
>>server_condition = "${if eq\
>> {${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}fail}}\
>> {$2} {yes}{no}}"
>>to make sure that the expansion fails if the lookup wasn't successful.
>
>
> Well, I tried my syntax by using an inexistant user, and the AUTH blocked my
> sending request. Meaning : when I try to use an unexistant user for login,
> the AUTH is rejected and the mail is not send. But a guy managed to put
> about 6000 mails in my spools with an unexistant user. That's why I wonder
> if the guy used some kind of "prepared base64 data stream" to force my
> system to accept his spam.
>
> Thank's for your help !
>
> Georges
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--
Regards
Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON.
L3P 6R3
