I am seeing some spam going through my server, but I am not sure what
method is being used by the spammer:

exim -Mvh 1gw0Ng-0002NF-1H
1gw0Ng-0002NF-1H-H
mailnull 26 26
<malamala@???>
1550563436 0
-received_time_usec .039642
-helo_name [192.6.3.50]
-host_address 74.142.119.226.1591
-host_name rrcs-74-142-119-226.central.biz.rr.com
-host_auth plain
-interface_address 192.168.55.254.587
-active_hostname gw.crownkenya.com
-received_protocol esmtpsa
-aclc _authnomail 1
0
-aclc _authhash 3
659
-aclm _flag 3
yes
-aclm _bu_mxhost 1
0
-aclm _interface 13
41.57.103.122
-aclm _helo_data 17
gw.crownkenya.com
-aclm _interface_opt 10
primary on
-body_linecount 593
-max_received_linelength 91
-auth_id malamala@???
-tls_cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
-tls_ourcert -----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----\n
XX
1
sklep@???
221 Authentication-Results: gw.crownkenya.com;
iprev=pass (rrcs-74-142-119-226.central.biz.rr.com)
smtp.remote-ip=74.142.119.226;
auth=pass (PLAIN) smtp.auth=malamala@???;
dmarc=skipped header.from=crownkenya.com
301P Received: from rrcs-74-142-119-226.central.biz.rr.com
([74.142.119.226] helo=[192.6.3.50])
by gw.crownkenya.com with esmtpsa
(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.92)
(envelope-from <malamala@???>)
id 1gw0Ng-0002NF-1H
for sklep@???; Tue, 19 Feb 2019 11:03:56 +0300
038 Date: Tue, 19 Feb 2019 03:05:17 -0500
055F From: Telekom Deutschland GmbH <malamala@???>
024T To: sklep@???
080I Message-Id: <k36sQSO1VWNYuDJOpX1EYmOhG9t1YiKxzqOWEs8OEQroygBI8DQ@???>
071 Subject: RechnungOnline Monat Februar 2019 (Buchungskonto: 3161865237)
018 MIME-Version: 1.0
090 Content-Type: multipart/mixed;
boundary="----=_Part_53239_3824523973.3915032881572782219"
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
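
The following is an added example, not part of the original post: a small parser for the envelope part of an `exim -Mvh` dump like the one above. It extracts the fields that record how a message entered the server (`-host_auth`, `-auth_id`, `-received_protocol`, `-host_address`, `-interface_address`). The sample input is constructed, the function names are hypothetical, and the parser assumes an empty non-recipient tree (`XX`), as in the dump above.

```python
# Constructed sample in the layout of the `exim -Mvh` dump above; the
# message id and addresses are made up (documentation ranges and domains).
SAMPLE = """\
1abcDE-000001-AA-H
mailnull 26 26
<user@example.org>
1550563436 0
-host_address 198.51.100.7.1591
-host_auth plain
-interface_address 203.0.113.1.587
-received_protocol esmtpsa
-aclm _flag 3
yes
-auth_id user@example.org
XX
"""

def parse_envelope(text):
    """Collect the '-name value' lines that precede the recipient list."""
    lines = text.splitlines()
    fields = {"sender": lines[2].strip("<>")}
    i = 4                                  # skip id, user, sender, time
    while i < len(lines) and lines[i] != "XX":  # assumes empty non-recipient tree
        if lines[i].startswith("-"):
            name, _, value = lines[i][1:].partition(" ")
            if name in ("aclc", "aclm"):
                # ACL variable: "-aclm <name> <length>", value on next line(s)
                var, _, length = value.partition(" ")
                i += 1
                value = lines[i]
                while len(value) < int(length):
                    i += 1
                    value += "\n" + lines[i]
                name = "acl_" + name[3] + var
            fields[name] = value
        i += 1
    return fields

def submission_summary(fields):
    """Hypothetical helper: how did this message enter the server?"""
    ip, _, port = fields.get("host_address", "").rpartition(".")
    return {
        "authenticated": "auth_id" in fields,
        "auth_id": fields.get("auth_id"),
        "authenticator": fields.get("host_auth"),
        "protocol": fields.get("received_protocol"),
        "client": (ip, port),              # Exim stores this as address.port
        "local_port": fields.get("interface_address", "").rpartition(".")[2],
    }
```

When `authenticated` is true, the message was accepted over authenticated SMTP, and `auth_id` names the account whose credentials were presented.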