Hi,
I've got some nasty spammer managing to send spam via my mail server by somehow authenticating as root (if I understand the logs correctly):

    Jun 15 22:56:04 hostname courierd: newmsg,id=000000000034D6E2.00000000557F9043.00005D5F, auth=root: dns; User (x.x-x-x.rdns.scalabledns.com [::ffff:x.x.x.x])

My authdaemon (latest version: 0.66.2) is configured with pam and ldap (LOGIN auth only): but there is *no* password set for the root user (it's RSA identity only). It would seem quite impossible that this user really can be authenticated as root.

Since they are authenticated, it seems I cannot simply block the IP via smtpaccess.

This user has caused the mail server to be on a number of blacklists and these spam messages (along with legitimate traffic) are filling up mail queues with multiple failed delivery attempts. Even setting ESMTP_BLOCKBACKSCATTER to include authsmtp/dsn in courierd (latest version: 0.74.2) configuration isn't actually stopping this.

What's more, attempting cancelmsg (and I'm getting some thousands of these) to flush the queue is proving pointless: because of the blacklisting no DSN is going to get through to the recipient (spoofed that it is). It would be great if there was an additional option in cancelmsg simply to remove the msgid from the queue - with no DSN processing at all. I'm having to stop courier and manually delete all the msgs/msgq files.

Any thoughts upon how I can stop this miscreant sending mail would be greatly appreciated.

Alan
------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
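
Added example, not part of the original message or of Courier itself: a log triage script that reads courierd "newmsg" lines of the shape quoted above and groups the message ids submitted under accounts that should never authenticate to SMTP, per source address, so the scope of the abuse and the affected queue entries are known. The NEVER_SENDERS set, the function names and every sample line are assumptions constructed for illustration; only the first message id and the line layout come from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Line shape taken from the courierd "newmsg" entry quoted in the message.
NEWMSG = re.compile(
    r"courierd: newmsg,id=(?P<msgid>[0-9A-Fa-f.]+),\s*auth=(?P<auth>[^:\s]+):"
    r".*\[(?P<ip>[^\]]+)\]"
)
# Assumption: accounts that should never submit mail over authenticated SMTP.
NEVER_SENDERS = {"root", "daemon", "nobody"}


def normalise_ip(text):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text  # redacted or malformed address: keep it as logged
    return str(getattr(addr, "ipv4_mapped", None) or addr)


def suspicious_submissions(lines, never_senders=NEVER_SENDERS):
    """Return {(auth, ip): [msgid, ...]} for submissions by flagged accounts."""
    hits = defaultdict(list)
    for line in lines:
        m = NEWMSG.search(line)
        if m and m.group("auth") in never_senders:
            key = (m.group("auth"), normalise_ip(m.group("ip")))
            hits[key].append(m.group("msgid"))
    return dict(hits)


# Constructed sample log: documentation addresses; ids after the first are made up.
SAMPLE_LOG = """\
Jun 15 22:56:04 hostname courierd: newmsg,id=000000000034D6E2.00000000557F9043.00005D5F, auth=root: dns; User (client.example.net [::ffff:192.0.2.10])
Jun 15 22:56:09 hostname courierd: newmsg,id=000000000034D6E3.00000000557F9049.00005D63, auth=alice: dns; laptop (laptop.example.org [::ffff:198.51.100.7])
Jun 15 22:56:31 hostname courierd: newmsg,id=000000000034D6E4.00000000557F905F.00005D6A, auth=root: dns; User (client.example.net [::ffff:192.0.2.10])
Jun 15 22:57:02 hostname courierd: newmsg,id=000000000034D6E5.00000000557F907E.00005D70, auth=root: dns; User (v6.example.net [2001:db8::5])
Jun 15 22:57:30 hostname courierd: newmsg,id=000000000034D6E6.00000000557F909A.00005D71: dns; mx.example.org (mx.example.org [::ffff:203.0.113.4])
""".splitlines()

if __name__ == "__main__":
    for (auth, ip), ids in sorted(suspicious_submissions(SAMPLE_LOG).items()):
        print(f"auth={auth} from {ip}: {len(ids)} message(s)")
        for msgid in ids:
            print(f"  {msgid}")
```

Lines without an auth= field, such as the last constructed sample, do not match the pattern and are skipped.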