Re: [exim] Am I Hacked?

Top Page
Delete this message
Reply to this message
Author: Rick Lutowski
Date:  
To: Wakko Warner
CC: exim-users
Subject: Re: [exim] Am I Hacked?
Wakko Warner wrote:
> Heiko Schlittermann wrote:
>
>>Rick Lutowski <rick@???> (Do 04 Jan 2007 18:11:34 CET):
>>
>>>Is there any way to disable the kind of access he
>>>demonstrated without compromising normal exim
>>>operation?
>>
>>I'm not sure if in Exim 3.x you could reject unknown users already at
>>SMTP time, but if you'd upgrade to Exim 4.x: you can.
>>(AFAIR Debians install script tries to convert the config, but I'm not
>>sure, so be prepared to be challenged :))
>
>
> IIRC, Exim 3.x can reject unknown recipients at SMTP time, I forget the
> version but I do recall this. I was late on upgrading, but that was years
> ago! =)
>
> Given this, I'd highly recommend that he not place his SMTP server back
> online until he has a basic understanding of what is going on. Converting
> his current to v4.x config will pretty much give him the same vulnerability
> (This is an assumption, but, as stated, you shouldn't rely solely on convert
> script to generate a corretly working config)
>



Upgrading to v4 is obviously a good idea. Seems there is a
risk the deb install scripts may not produce a working system
without some manual config tho. This is important info to
know -- tells me how to approach an upgrade.

Am also getting the idea that the exim log files will say if I am
sending spam or not. However, I do not have enough exim insight
at this point to determine this myself. If one of you is willing
to look at a sample of my logs and coach me as to what to look
for, please contact me outside the mail list. Would appreciate it.

--
Rick Lutowski, GRI, REALTOR
Greg Doering & Associates
Keller Williams Realty
rick@???
512-461-1456
I Reward Referrals