On Sun, Jun 23, 2019 at 07:37:37PM +0200, Heiko Schlittermann via Exim-users wrote: > It *seems* that the attackers test for the Exim version in the SMTP
> banner. In servers having 4.92 I do not see as many attempts as on
> 4.87->4.91. But there may be other things influencing this.
I have 4 external relays for my company with custom greeting message
which has no word "Exim" and no version. No breaking attempts logged
up to 16.06.2019, since this date logs have records about probes
with prefix "root+": <root+${run{...}@...>.
--
Eugene Berdnikov