Re: [exim] Did they manage to relay?

Author: Peter Bowyer
Date:  
To: exim users
Subject: Re: [exim] Did they manage to relay?
On 19/06/06, Asbjorn Aarrestad <asbjorn@???> wrote:
> Hi!
>
> I'm running Exim 4.43 on my server, and have regularly tested it for
> relaying issues (www.abuse.net/relay.html). The tests always return that
> my server does not relay
>
> However, I found this log:
>
> 2006-06-18 03:55:23 1FrmVR-0005Py-1e <= mm2@???
> H=(ameillpu-7jat6i) [ -- IP -- ] P=esmtpa A=login:webmaster S=294
> R=dnslookup
> T=remote_smtp H=ameill1.3322.org [-- IP --] X=TLSv1:AES256-SHA:256
> 2006-06-18 03:55:34 1FrmVR-0005Py-1e Completed
>


Yes. Looks like they're using the 'webmaster' account to authenticate
against your Exim server, and your setup allows authenticated users to
relay.

Change the password for 'webmaster' (in whatever backend you're using
for SMTP authentication), see if it goes away.

Also, check that you haven't got a vulnerable authentication setup
which allows blank passwords to successfully authenticate - Google
should find this info for you.

Peter

--
Peter Bowyer
Email: peter@???
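
An added example, not part of the original post: a Python sketch that scans Exim main-log text for messages accepted over an authenticated session (the `A=` field seen in the quoted log) and then delivered to a remote host, grouped by the account used. The sample log lines, addresses and IPs are constructed, and treating any delivery line that carries an `H=` field as a remote delivery is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main-log format; addresses and IPs are documentation values.
SAMPLE_LOG = """\
2006-06-18 03:55:23 1FrmVR-0005Py-1e <= mm2@example.net H=(ameillpu-7jat6i) [198.51.100.23] P=esmtpa A=login:webmaster S=294
2006-06-18 03:55:34 1FrmVR-0005Py-1e => someone@example.org R=dnslookup T=remote_smtp H=mx.example.org [203.0.113.5] X=TLSv1:AES256-SHA:256
2006-06-18 03:55:34 1FrmVR-0005Py-1e Completed
2006-06-18 09:12:01 1FrsPx-0001Ab-2c <= alice@example.com H=(laptop) [192.0.2.10] P=esmtpa A=plain:alice S=1820
2006-06-18 09:12:03 1FrsPx-0001Ab-2c => bob@example.com R=localuser T=local_delivery
2006-06-18 09:12:03 1FrsPx-0001Ab-2c Completed
2006-06-18 10:00:00 1FrtAa-0002Cd-3f <= carol@example.org H=mail.example.org [203.0.113.9] P=esmtp S=900
2006-06-18 10:00:01 1FrtAa-0002Cd-3f => alice@example.com R=localuser T=local_delivery
"""

ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+) (.*)$")       # message accepted
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (\S+) (.*)$")   # "=>" or "->" delivery


def authenticated_relays(log_text):
    """Return {'authenticator:id': [(msg_id, client_ip, sender, [remote rcpts]), ...]}."""
    arrivals = {}                # msg_id -> (auth, client_ip, sender)
    remote = defaultdict(list)   # msg_id -> recipients delivered to a remote host
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            msg_id, sender, rest = m.groups()
            auth = re.search(r"(?:^| )A=(\S+)", rest)   # present only if the client authenticated
            ip = re.search(r"\[([^\]]+)\]", rest)
            if auth:
                arrivals[msg_id] = (auth.group(1), ip.group(1) if ip else "?", sender)
            continue
        m = DELIVERY.match(line)
        # Assumption: a delivery line with H= went to a remote host; local deliveries have none.
        if m and re.search(r"(?:^| )H=", m.group(3)):
            remote[m.group(1)].append(m.group(2))
    report = defaultdict(list)
    for msg_id, (auth, ip, sender) in arrivals.items():
        if remote[msg_id]:
            report[auth].append((msg_id, ip, sender, remote[msg_id]))
    return dict(report)


if __name__ == "__main__":
    for account, msgs in authenticated_relays(SAMPLE_LOG).items():
        print(account, "relayed", len(msgs), "message(s):")
        for msg_id, ip, sender, rcpts in msgs:
            print("  ", msg_id, "from", ip, "sender", sender, "->", ", ".join(rcpts))
```

An account that shows up here with client IPs or HELO names you do not recognise is the one whose password to change first.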