[Exim] Spammers using SMTP Auth

Author: Adam Moffett
Date:  
To: exim-users
Subject: [Exim] Spammers using SMTP Auth
Just a little warning about spammer's trickery.

Apparently I've relayed 250,000 or so spam emails this month.

We had a user named "test" with a password of "test"...the account
belonged to a real customer, and the spammer(s) were authenticating as
this user.

One example:
2003-10-22 00:39:21 1ACAlz-0005uc-Cv <= ayaa@???
    H=(smtp0632.mail.yahoo.com) [61.11.80.192] P=asmtp
    A=plaintext_login:test S=4029
2003-10-22 00:39:45 1ACAlz-0005uc-Cv => lucas_81_au@???
    R=dnslookup T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.6]
2003-10-22 00:39:56 1ACAlz-0005uc-Cv Completed

We haven't been requiring email users to have strong passwords; we
thought that since they aren't real users on the server, they really
couldn't do much damage to us by having a weak password (only to
themselves)... but we're considering having a strong password policy now.
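
One way to catch this kind of abuse from the main log, as an added example that is not part of the original post: tally authenticated arrivals per day and per identity in the A= field, then flag identities with unusual volume or many source IPs. The sample log lines, function names and thresholds are constructed for illustration, and the default Exim main-log line format is assumed.

```python
import re
from collections import defaultdict

# Arrival ("<=") lines only; A= is "<authenticator>:<authenticated id>".
# Assumes the default log format (no pid or timezone in the timestamp).
ARRIVAL = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ <= \S+"
    r".*? \[(?P<ip>[0-9a-fA-F.:]+)\].*?\bA=(?P<auth>[^:\s]+):(?P<user>\S+)"
)

# Constructed sample (documentation-range IPs and example domains).
SAMPLE_LOG = """\
2003-10-22 00:39:21 1AAAAA-000001-AA <= a@example.com H=(mail.example.net) [192.0.2.10] P=asmtp A=plaintext_login:test S=4029
2003-10-22 00:39:45 1AAAAA-000001-AA => b@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.6]
2003-10-22 00:39:56 1AAAAA-000001-AA Completed
2003-10-22 00:40:02 1AAAAA-000002-AB <= c@example.com H=(x.example.net) [192.0.2.77] P=asmtp A=plaintext_login:test S=3990
2003-10-22 00:40:30 1AAAAA-000003-AC <= d@example.com H=(y.example.net) [203.0.113.5] P=asmtp A=plaintext_login:test S=4101
2003-10-22 08:15:10 1AAAAA-000004-AD <= alice@example.com H=(laptop) [198.51.100.20] P=asmtp A=plaintext_login:alice S=1200
2003-10-22 09:00:00 1AAAAA-000005-AE <= web@example.com H=localhost [127.0.0.1] P=esmtp S=900
"""

def summarize(lines):
    """Count authenticated arrivals and distinct client IPs per (date, user)."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in lines:
        m = ARRIVAL.match(line)
        if m:  # deliveries, completions and unauthenticated arrivals are skipped
            entry = stats[(m["date"], m["user"])]
            entry["messages"] += 1
            entry["ips"].add(m["ip"])
    return dict(stats)

def flag(stats, max_messages=500, max_ips=5):
    """Return (date, user) keys exceeding either threshold (illustrative defaults)."""
    return sorted(
        key for key, e in stats.items()
        if e["messages"] > max_messages or len(e["ips"]) > max_ips
    )

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    # Low thresholds so the tiny constructed sample triggers a hit.
    for date, user in flag(stats, max_messages=2, max_ips=2):
        e = stats[(date, user)]
        print(f"{date} {user}: {e['messages']} msgs from {len(e['ips'])} IPs")
```

Thresholds need tuning against normal per-customer volume; a single account authenticating from many unrelated addresses in one day is usually the earlier signal.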