Re: [exim] Exim server maillog are flood by spam attemps?

Top Page
Delete this message
Reply to this message
Author: Olaf Hopp
Date:  
To: exim-users
Subject: Re: [exim] Exim server maillog are flood by spam attemps?
On 07/13/2016 12:08 PM, Hardy wrote:
> On 13.07.2016 06:07, Flan AlFlani wrote:
>> My log is flooded with those spam attemps and I wonder if there is a ACL can stop those attemps.
>
> These are not attempts, but successful misuse of your server as an open relay! 1st example:
>



@Hardy:
his server must not be an open relay, since the spam ist delivered via P=esmtpsa
as you can see in his log excerpt.

So it seems to be a compromised account


@Flan:
change/lock the password for faisal.alazemi@???
or (if this is not possible) write at least a condition rule
within your exim authenticator or an ACL rule within acl_smtp_rcpt.
Within your authenticator you may set "server_set_id"
which gives you the login name of the authenticated user.

Regards,
Olaf


--
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik

Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -

Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Telefon: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: Olaf.Hopp@???
atis.informatik.kit.edu

www.kit.edu

KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft

Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.