Good afternoon all.
Please forgive me if I am asking a stupid question.
My server is currently being used, via a compromised account, to send junk
to various freemail accounts.
An extract of the message looks like:
208P Received: from [125.76.228.201] (helo=User)
by smtp01.gennex.co.za with esmtpa (Exim 4.69)
id 1MB4KF-000Nhu-W3 by authid <smith1@???> with
login_authenticator; Mon, 01 Jun 2009 12:01:36 +0200
041R Reply-To: <songlile.private00@???>
056F From: "Mr. Song Lile"<songlile.private012@???>
228 Subject: Good Day,I am LILE, I work with the Hangs bank,I need your
assistance in effecting a transaction worth $19.5m I intend to give 30% of
the total funds as compensation for your assistance. Full names,Private
phone number
If I were to create a list of compromised accounts (until we can get the
users to use decent passwords), how would I go about this
as everything I have tried thus far has failed.
I was thinking of something along these lines:
# ACL MACRO
# authenticated id {$authenticated_id}
ACL_C_AUTHID = acl_c_authid
# Connect phase #
acl_check_connect:
#Set ACL for AUTHID
warn
condition = ${if
match{$authenticated_id}{lsearch;/usr/local/etc/exim/reject/rejected_authid}}
set ACL_C_AUTHID = Yes
# Compromised Accounts
deny
message = '$authenticated_sender' classified as compromised -
Please change your account password
condition = ${if eq {$ACL_C_AUTHID}{Yes}}
logwrite = :main: Compromised Account: $authenticated_sender
The list rejected_authid would contains the email addresses of the
compromised accounts.
Many thanks in advance for your assistance.
regards
Tom
(exim wannabe)
