On 19/06/06, Asbjorn Aarrestad <asbjorn@???> wrote:
> Hi!
>
> I'm running Exim 4.43 on my server, and have regulary tested is for
> relaying issues (www.abuse.net/relay.html). The tests always return that
> my server does not relay
>
> However, I found this log:
>
> 2006-06-18 03:55:23 1FrmVR-0005Py-1e <= mm2@???
> H=(ameillpu-7jat6i) [ -- IP -- ] P=esmtpa A=login:webmaster S=294
R=dnslookup
> T=remote_smtp H=ameill1.3322.org [-- IP --] X=TLSv1:AES256-SHA:256
> 2006-06-18 03:55:34 1FrmVR-0005Py-1e Completed
>
Yes. looks like they're using the 'webmaster' account to authenticate
against your Exim server, and your setup allows authenticated users to
relay.
Change the password for 'webmaster' (in whatever backend you're using
for SMTP authentication), see if it goes away.
Also, check that you haven't got a vulnerable authentication setup
which allows blank passwords to successfully authenticate - Google
should find this info for you.
Peter
--
Peter Bowyer
Email: peter@???