Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Frank S. Bernhardt
Datum:  
To: Georges Arnould
CC: exim-users
Betreff: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
Ok. If you've been re-tested and given a clean bill of health then the
next thing I can think of is that your passwords have been compromised.
If you are getting spammed on an on-going basis, try changing your
passwords. Unfortunately I deleted the previous messages in this thread
so I can't reference your auth code.

Another thought, is there a way in which you can log the user-ids and
passwords used for relaying? Maybe that will tell you something. Doesn't
exim's logfile show who needs authentication? What does the logfile show?

Georges Arnould wrote:
>>Just a thought, but are you sure that the relay came from outside your
>>sub-net? Is it possible that one of your internal systems was
>>compromised in some way and that the internal system was used to send
>>out the spam?
>
>
> Nope : the spammers came from all over the world ... It seems that I have
> progressively been discovered : a "huge spammer" (1600+ messages) came from
> an IP, then others arrived and started to flood ... I never had spam before
> : never received a single abuse (abuse@ routed to me and juste re-tested
> :-)). Within one hour, I received 10 spammers that suddenly manage to send
> mail through my system. My MTA could be misconfigured, but I am surprised
> that so many spammers manage to bypass AUTH within a so short time !
>
> Georges
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>


--

Regards

Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON.
L3P 6R3

905-471-1691 Voice
905-471-3016 FAX

frank@???