Re: [exim] 419 spammer - Help with AUTH ACL

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] 419 spammer - Help with AUTH ACL
On Mon, 2009-06-01 at 14:55 +0200, Thomas kinghorn wrote:
> My server is currently being used, via a compromised account, to send junk
> to various freemail accounts.


There is only one thing you can do here to stop this from happening, and
that is to change the account's password immediately and wait for the
customer to contact you by phone with some verifiable credentials.

The longer you leave the account open, even with clever ACL tricks, the
longer your systems are open to abuse. And if you alert the scammer to
the fact that you know the account is compromised, what is to stop them
contacting you to get the password changed?

It might seem brutal, but changing the password to something random so
the account is inaccessible is the only secure way to deal with this.

Graeme