Am Di den 14. Feb 2012 um 22:22 schrieb Ralph Ballier:
> I found this lines in mainlog:
>
> 2012-02-13 16:25:53 1Rwxmr-0003tG-09 <= havicker@??? H=(User) [4.79.231.188] P=esmtpa A=login S=1695
> 2012-02-13 16:25:54 1Rwxmr-0003tG-09 => 23vbennett@??? R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.65.27]
> 2012-02-13 16:25:54 1Rwxmr-0003tG-09 Completed
There is two thinks I wonder about.
1. You have esmtpa instead of esmtpsa that means that the password of
the authentication is send unencrypted! So everybody on the line can
read it.
2. After A=login there should be the authenticated user. As it is not
shown I presume that you have a but in the authentication part that
lets users login without a user name.
Regards
Klaus
Ps. And 3. you post TOFU, but that's another story.
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
