[exim] 419 spammer - Help with AUTH ACL

Góra strony
Delete this message
Reply to this message
Autor: Thomas kinghorn
Data:  
Dla: exim-users
Temat: [exim] 419 spammer - Help with AUTH ACL
Good afternoon all.

Please forgive me if I am asking a stupid question.

My server is currently being used, via a compromised account, to send junk
to various freemail accounts.

An extract of the message looks like:

208P Received: from [125.76.228.201] (helo=User)
        by smtp01.gennex.co.za with esmtpa (Exim 4.69)
        id 1MB4KF-000Nhu-W3 by authid <smith1@???> with
login_authenticator; Mon, 01 Jun 2009 12:01:36 +0200
041R Reply-To: <songlile.private00@???>
056F From: "Mr. Song Lile"<songlile.private012@???>
228  Subject: Good Day,I am LILE, I work with the Hangs bank,I need your
assistance in effecting a transaction worth $19.5m I intend to give 30% of
the total funds as compensation for your assistance. Full names,Private
phone number


If I were to create a list of compromised accounts (until we can get the
users to use decent passwords), how would I go about this
as everything I have tried thus far has failed.

I was thinking of something along these lines:

# ACL MACRO

# authenticated id {$authenticated_id}
ACL_C_AUTHID          = acl_c_authid



# Connect phase #
acl_check_connect:

#Set ACL for AUTHID
warn
condition = ${if
match{$authenticated_id}{lsearch;/usr/local/etc/exim/reject/rejected_authid}}
set ACL_C_AUTHID = Yes


# Compromised Accounts
   deny
     message          = '$authenticated_sender' classified as compromised -
Please change your account password
     condition          = ${if eq {$ACL_C_AUTHID}{Yes}}
     logwrite            = :main: Compromised Account: $authenticated_sender


The list rejected_authid would contains the email addresses of the
compromised accounts.

Many thanks in advance for your assistance.

regards

Tom
(exim wannabe)