[Exim] how did I screw up?

Author: Nathan Ollerenshaw
Date:  
To: exim-users
Subject: [Exim] how did I screw up?
Ouch.

I got home tonight, only to find one of our boxes has been relaying
spam for the past two days. A quick scan of the logs, and I noticed
that there were blank auths being done to one of my authenticators. I
commented out the authenticator, rm -Rf'd my mailqueue, and restarted,
and all was good.

However, I want to know what went wrong. The second authenticator, the
one that was commented out, was the one getting abused:

begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if eq {${lookup{$2}lsearch{/etc/exim/auth.users}{$value}}} {$3} {yes}{no}}"
server_set_id = $2

#login:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if eq {${lookup{$1}lsearch{/etc/exim/auth.users}{$value}}} {$2} {yes}{no}}"
# server_set_id = $2

Here are some of the log entries:

2003-06-16 06:50:29 19RfOB-0007WV-7L <= ytu5478@??? H=(smtp0100.mail.yahoo.com) [211.169.249.120] P=asmtp A=login: S=4434
2003-06-16 06:50:46 19RfOb-0007WV-Du <= dijngf4521@??? H=(smtp0100.mail.yahoo.com) [211.169.249.120] P=asmtp A=login: S=4426

plus more of the same.

Anyone able to tell me where I have erred?

Thanks,

Nathan.

--
You can keep trying, drown in sleep to be flying
See for Miles, something that I wanted to be
I can't wake this dream, prototype ends up has been
Incomplete, the consequence of something to be
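
An added example, not part of the original post and not Exim code: a simplified Python model of the posted server_condition, in which a failed lsearch lookup with no failure string expands to the empty string, shown beside a fail-closed variant and a scan for accepted messages logged with an empty authenticated id. The user file contents, log addresses and function names are constructed for illustration.

```python
import re

# Constructed stand-in for /etc/exim/auth.users (lsearch style: "key: value").
AUTH_USERS = "alice: s3cret\nbob: hunter2\n"

def lsearch(text, key):
    """Return the value stored for key, or None if the key is absent."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        k, _, v = line.partition(":")
        if k.strip() == key:
            return v.strip()
    return None

def posted_condition(user, password):
    # Models ${lookup{user}lsearch{file}{$value}} with no failure string:
    # a failed lookup expands to "", which is then compared with the password.
    found = lsearch(AUTH_USERS, user)
    return ("" if found is None else found) == password

def hardened_condition(user, password):
    # Fail closed: a missing key or an empty credential never authenticates.
    found = lsearch(AUTH_USERS, user)
    return bool(user) and bool(password) and found is not None and found == password

# Constructed log lines in the shape of the entries quoted in the post.
LOG = """\
2003-06-16 06:50:29 19RfOB-0007WV-7L <= a@example.invalid H=(h) [192.0.2.1] P=asmtp A=login: S=4434
2003-06-16 06:51:02 19RfOc-0007WW-1A <= b@example.invalid H=(h) [192.0.2.2] P=asmtp A=plain:alice S=901
"""
AUTH_FIELD = re.compile(r"\sA=([^\s:]+):(\S*)")

def blank_auth_ids(log_text):
    """Return message ids of accepted messages whose authenticated id is empty."""
    hits = []
    for line in log_text.splitlines():
        m = AUTH_FIELD.search(line)
        if m and " <= " in line and m.group(2) == "":
            hits.append(line.split()[2])
    return hits

if __name__ == "__main__":
    print(posted_condition("", ""), hardened_condition("", ""))
    print(blank_auth_ids(LOG))
```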