Re: [exim] Unstoppable spam

Top Page
This message is part of the following thread:
M-+\the complete thread tree sorted by date
M\MMSebastian Nielsen at <-
MMJasen Betts at ->
Delete this message
Reply to this message
Author: Marius Schwarz
Date:  
To: Odhiambo Washington, Odhiambo Washington via Exim-users, exim users
Subject: Re: [exim] Unstoppable spam
Looks like "5.61.42.174" gets spammed via webmail (127.0.0.1) or got hacked and spams via script. Check that system.

Am September 24, 2019 7:40:07 AM UTC schrieb Odhiambo Washington via Exim-users <exim-users@???>:
>Hi all,
>
>One particular account on my server has been used to send spam
>repeatedly.
>I have changed the account's password so many times now that I believe
>this
>spam is not actually using their password for ASMTP, but probably a
>hole on
>the system which I am not able to detect.
>I am requesting for a 3rd to help me figure out how this could be
>happening.
>
>The header below is from one such spam.
>
>What weakness(es) is the spammer likely abusing?
>
>Return-Path: <benson.kuria@???>
>Envelope-to: daniel.owino@???
>Delivery-date: Mon, 23 Sep 2019 19:05:01 +0300
>Authentication-Results: gw.ourdomain.tld;iprev=fail
>smtp.remote-ip=5.61.42.174;auth=pass (PLAIN)
>smtp.auth=benson.kuria@???;dmarc=skipped
>header.from=ourdomain.tld
>Received: from [5.61.42.174] (helo=[127.0.0.1]) by gw.ourdomain.tld
>with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2)
>(envelope-from <benson.kuria@???>) id 1iCQpf-0002zI-7B for
>daniel.owino@???; Mon, 23 Sep 2019 19:05:01 +0300
>Content-Type: multipart/mixed;
>                boundary="----=_NextPart_000_0010_01D572B4.9D8D2390"
>From: <benson.kuria@???>
>To: <daniel.owino@???>
>Subject: =?utf-8?Q?Message_has_been_disinfected_:Yo?=
>                =?utf-8?Q?ur_order_=E2=84=965634_is_ready_for_the_?=
>                =?utf-8?Q?transporting?=
>Message-ID: <4d95a1b3-5c91-471e-5b9e-f8fe7aa1cd9b@???>
>Date: Mon, 23 Sep 2019 16:04:50 +0000
>MIME-Version: 1.0
>X-Scanned-By: unscanned primary on gw.ourdomain.tld (41.57.X.X); Mon,
>23 Sep 2019 19:05:01 +0300
>X-MimeOLE: Produced By Microsoft MimeOLE
>X-Spam-Flag: NO

>
>
>
>
>--
>Best regards,
>Odhiambo WASHINGTON,
>Nairobi,KE
>+254 7 3200 0004/+254 7 2274 3223
>"Oh, the cruft.", grep ^[^#] :-)
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/

--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Content scanning and non-MIME messagesRe: [exim] Unstoppable spam->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)