Hi All,
Debian squeeze, Exim4 4.
On Sunday 02/05 we had a spammer send through one of our mail servers.
This server does not allow any relaying, and has a pgsql login config as
follows:
  pgsql_login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = \
      ${if and {{eq{$1}{${lookup pgsql \
      {SELECT userid || '@' || domain FROM fn_mail_user_get_active_smtp ('${quote_pgsql:$1}')}}}}\
      {eq{$2}{${lookup pgsql\
      {SELECT password FROM fn_mail_user_get_active_smtp ('${quote_pgsql:$1}')}}}}}{yes}{no}}
    server_set_id = $1
An example of one of the spam mails being sent out shows in the log as
follows; note that instead of rejecting the login it just shows as
blank.
  1O8epJ-0006Ft-Sj <= nlexluon@??? H=(geembr.com) [59.35.97.251] P=esmtpa A=pgsql_login: S=2743
    id=d5d9f8280c874dbe93f0564fd56a8d83@fb9d2058f7ab4242ae7bbe23bd70bf11
I've tested myself with blank user/pass and it shows an authentication
failure as it should -- how are they getting through here? Any help
appreciated.
Thanks,
Mark
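The following is an added example, not code from Mark's post, from the
thread, or from Exim itself. It models the server_condition of the
pgsql_login authenticator above in Python ($1 and $2 being the two LOGIN
responses named by server_prompts), evaluates it for a few username/password
pairs, and runs a check over constructed log lines for the "A=pgsql_login:"
blank-id pattern shown in the post. The model rests on one assumption, which
is what the Exim spec documents: a ${lookup ...} written with no failure
string expands to an empty string when the query returns no rows. The
fn_mail_user_get_active_smtp() stand-in, its user table, the log lines and
the hardened variant (lookups written as ${lookup pgsql{...}{$value}fail}, so
that a missing row forces the expansion to fail) are all this example's own
constructions; what the model returns for a blank pair is the example's
result, not a finding from the thread.

```python
import re

# Sentinel standing for the bare word "fail" as an Exim failure string.
FAIL = object()


class ForcedExpansionFailure(Exception):
    """Models Exim's forced expansion failure; for server_condition, Exim
    treats this as an authentication failure."""


# Constructed stand-in for the data behind fn_mail_user_get_active_smtp():
# "userid@domain" -> stored password, one row per active SMTP user.
ACTIVE_SMTP_USERS = {
    "alice@example.org": "s3cret",
}


def fn_mail_user_get_active_smtp(user):
    """Constructed stand-in for the SQL function in the post: returns rows of
    (userid || '@' || domain, password), or no rows when no active user
    matches the key."""
    pw = ACTIVE_SMTP_USERS.get(user)
    return [(user, pw)] if pw is not None else []


def exim_lookup(rows, col, fail=""):
    """Model ${lookup pgsql{SELECT <col> ...}{$value}{<fail>}}: the first
    row's column on success, the failure string when there is no row.
    Assumption (per the Exim spec): with no failure string given, the
    failure result is an empty string. FAIL models the word 'fail'."""
    if rows:
        return rows[0][col]
    if fail is FAIL:
        raise ForcedExpansionFailure()
    return fail


def posted_condition(auth1, auth2):
    """The post's server_condition: $1 must equal the looked-up
    userid||'@'||domain and $2 the looked-up password. Both lookups are keyed
    on $1 and written without a failure string."""
    rows = fn_mail_user_get_active_smtp(auth1)
    id_ok = auth1 == exim_lookup(rows, 0)
    pw_ok = auth2 == exim_lookup(rows, 1)
    return "yes" if id_ok and pw_ok else "no"


def hardened_condition(auth1, auth2):
    """This example's suggested variant (not the post's): each lookup carries
    'fail' as its failure string, so a key with no row forces the expansion
    to fail and authentication is refused before any eq{} comparison can
    see an empty string."""
    try:
        rows = fn_mail_user_get_active_smtp(auth1)
        id_ok = auth1 == exim_lookup(rows, 0, fail=FAIL)
        pw_ok = auth2 == exim_lookup(rows, 1, fail=FAIL)
    except ForcedExpansionFailure:
        return "no"
    return "yes" if id_ok and pw_ok else "no"


# "A=<authenticator>:<id>" as Exim writes it in the <= log line; the id is
# whatever server_set_id expanded to, possibly nothing.
AUTH_RE = re.compile(r"\bA=(?P<auth>[^:\s]+):(?P<id>\S*)")


def blank_auth_ids(log_lines):
    """Return the message ids of authenticated (esmtpa) messages whose log
    line has an empty authenticated id after 'A=<authenticator>:'."""
    found = []
    for line in log_lines:
        m = AUTH_RE.search(line)
        if m and m.group("id") == "":
            found.append(line.split()[0])
    return found


# Constructed log lines: the first copies the shape of the post's entry with
# placeholder sender, host and address; the second is a normal login.
SAMPLE_LOG = [
    "1O8epJ-0006Ft-Sj <= spammer@example.invalid H=(host.example.invalid) "
    "[192.0.2.1] P=esmtpa A=pgsql_login: S=2743",
    "1O8f01-0006Gx-Ab <= alice@example.org H=(laptop) [192.0.2.2] "
    "P=esmtpa A=pgsql_login:alice@example.org S=1234",
]


if __name__ == "__main__":
    pairs = [("alice@example.org", "s3cret"), ("alice@example.org", "wrong"),
             ("", ""), ("nobody@example.org", "")]
    for user, pw in pairs:
        print(f"{user!r:>22} {pw!r:>10}  posted={posted_condition(user, pw)}"
              f"  hardened={hardened_condition(user, pw)}")
    print("blank authenticated ids:", blank_auth_ids(SAMPLE_LOG))
```

Running it prints one row per pair; in the model the posted condition
answers "yes" for a valid user and password and "no" for a wrong password or
an unknown non-empty username, while for the empty/empty pair both lookups
yield the empty string and both eq{} tests hold. The hardened variant refuses
the empty pair because the first lookup forces expansion failure. Whether a
real client can deliver that pair through the LOGIN exchange is not something
the model decides; the log check only flags lines where server_set_id
expanded to nothing, which is what the post's entry shows.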