[Exim] Spammers using SMTP Auth

Author: Adam Moffett
Date:
To: exim-users
Subject: [Exim] Spammers using SMTP Auth
Just a little warning about spammer's trickery.

Apparently I've relayed 250,000 or so spam emails this month.

We had a user named "test" with a password of "test"...the account
belonged to a real customer, and the spammer(s) were authenticating as
this user.

One example:
2003-10-22 00:39:21 1ACAlz-0005uc-Cv <= ayaa@???
H=(smtp0632.mail.yahoo.com) [61.11.80.192] P=asmtp
A=plaintext_login:test S=4029
2003-10-22 00:39:45 1ACAlz-0005uc-Cv => lucas_81_au@???
R=dnslookup T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.6]
2003-10-22 00:39:56 1ACAlz-0005uc-Cv Completed

We haven't been requiring email users to have strong passwords; we
thought since they aren't real users on the server that they really
couldn't do much damage to us by having a weak password (only to
themselves)....but we're considering having a strong password policy now.
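
An added example, not part of the original post: one way to spot an abused SMTP AUTH account from the Exim main log is to count authenticated arrivals ("<=" lines carrying A=authenticator:id, as in the log excerpt above) per login and per source address. The sample log, the function names and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Arrival ("<=") line of an authenticated submission: source IP in [..], then
# A=<authenticator>:<id>. The id appears only if the authenticator sets one.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ .*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?"
    r"\bA=(?P<auth>[^:\s]+):(?P<user>\S+)"
)

# Constructed sample log: documentation IP ranges, made-up message ids and addresses.
SAMPLE_LOG = """\
2003-10-22 00:39:21 1ACAm0-0000aa-01 <= a@example.org H=(mail.example) [192.0.2.10] P=asmtp A=plaintext_login:test S=4029
2003-10-22 00:39:45 1ACAm0-0000aa-01 => b@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.6]
2003-10-22 00:39:56 1ACAm0-0000aa-01 Completed
2003-10-22 00:40:02 1ACAm0-0000ab-02 <= c@example.org H=(mail.example) [192.0.2.77] P=asmtp A=plaintext_login:test S=3980
2003-10-22 00:40:09 1ACAm0-0000ac-03 <= d@example.org H=(mail.example) [203.0.113.5] P=asmtp A=plaintext_login:test S=4101
2003-10-22 00:40:15 1ACAm0-0000ad-04 <= e@example.org H=(mail.example) [192.0.2.10] P=asmtp A=plaintext_login:test S=4055
2003-10-22 08:12:30 1ACAm0-0000ae-05 <= alice@example.com H=(laptop) [198.51.100.20] P=asmtp A=plaintext_login:alice S=1200
2003-10-22 09:47:11 1ACAm0-0000af-06 <= alice@example.com H=(laptop) [198.51.100.20] P=asmtp A=plaintext_login:alice S=2310
2003-10-22 10:01:00 1ACAm0-0000ag-07 <= f@example.net H=mx.example.net [198.51.100.6] P=esmtp S=900
"""

def auth_stats(lines):
    """Return {login: {"msgs": n, "ips": set of source IPs}} for authenticated arrivals."""
    stats = defaultdict(lambda: {"msgs": 0, "ips": set()})
    for line in lines:
        m = ARRIVAL.match(line)
        if m:  # deliveries, "Completed" and unauthenticated arrivals are skipped
            entry = stats[m["user"]]
            entry["msgs"] += 1
            entry["ips"].add(m["ip"])
    return dict(stats)

def flag_accounts(stats, max_msgs=3, max_ips=2):
    """Logins over either threshold (assumed values; tune to real traffic)."""
    return sorted(
        user for user, s in stats.items()
        if s["msgs"] > max_msgs or len(s["ips"]) > max_ips
    )

if __name__ == "__main__":
    stats = auth_stats(SAMPLE_LOG.splitlines())
    for user in flag_accounts(stats):
        s = stats[user]
        print(f"{user}: {s['msgs']} messages from {len(s['ips'])} addresses")
```

On a real server the thresholds would be set per time window (for example per hour of log) rather than over the whole file.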