Autor: Oliver Heesakkers Datum: To: exim-users Betreff: Re: [exim] Open relay?
Op di 14 feb 2012 15:43:00 schreef Ralph Ballier: > Hello,
>
> one of my server with exim 4.77 seems to be an open relay, but I mean I had
> configured all right. I use smtp authentication and suppose, that hackers
> had found out username and password of a legal user. Is it possible to
> logging all information floating from mail client to server? I hope to get
> the username which give access to the server.
>
> Or do you mean, there is an other reason for open relay?
>
> Raba
The login name and authorisation _is_ logged in the standard configuration
(the string preceded with 'A='). Also in standard configuration your box would
not be an open relay.
If no 'A=' string is present in the log for the outgoing mail, you might want
to check is there is a 'U=' string which would signify that a user is
submitting these mails locally (website, compromised local user).
Some snippets from you log would help us greatly in any further investigation.