On 08/06/2011 06:51 PM, Sam Varshavchik wrote: > Andrew C Burnette writes: > >> Hi all, >> >> (and thanks Mr. Sam for the awesome MTA software on my server for close >> to a decade now!) >> >> I get examples like this in my log file: >> >> Aug 6 11:38:04 localhost courierd: >> newmsg,id=00B1E707.4E3D5FCE.0000673E, auth=backup: dns; User >> ([202.109.133.181]) >> >> which invariably turns out to be a successful attempt to relay spam > > Do you have a system userid named "backup"? > > As in your /etc/passwd file.
Thanks! Actually, I did, discovered and removed it an hour after writing my request, and no more problem. Interesting attack vector. time for a "system installed" user cleanup definitely. I also believe I had removed (authpam) from prior installation's configuration. Will look to repeat that again, as userdb.dat contains all I need. thanks for the assistance. andy ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1 _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
