On Wed, 2010-09-08 at 19:33 +0200, Juergen Edner wrote:
> thank you for that hint. Unfortunately it's not always the same
> IP address. Based on a friends log file 145 different addresses
> have been used until now.
> One my friends pointed me to the following thread which exactly
> describes the same problem:
>
> http://blog.windfluechter.net/content/getting-hit-spammer-exim
You did see this reply, didn't you?
http://lists.exim.org/lurker/message/20100907.201156.8e7345b2.en.html
The problem here is that there's a plethora of pages describing Exim
configuration out there, most of which are nothing whatsoever to do with
Exim itself having been put there by enthusiasts - not that there's
anything wrong with this.
However, if someone put up something with a corner case like you have,
and it became widely accepted, then spammers are going to learn sooner
or later that trying an invalid user with a NULL password might work.
I'll make a point of checking the docs and the wiki to ensure it isn't
coming from here, but you need to make the changes described above.
In terms of it being a "bug" - it isn't. It's a misconfiguration, and
now we need to determine where that came from.
Graeme