On 19/06/06, Asbjorn Aarrestad <[EMAIL PROTECTED]> wrote: > Hi! > > I'm running Exim 4.43 on my server, and have regulary tested is for > relaying issues (www.abuse.net/relay.html). The tests always return that > my server does not relay > > However, I found this log: > > 2006-06-18 03:55:23 1FrmVR-0005Py-1e <= [EMAIL PROTECTED] > H=(ameillpu-7jat6i) [ -- IP -- ] P=esmtpa A=login:webmaster S=294 R=dnslookup > T=remote_smtp H=ameill1.3322.org [-- IP --] X=TLSv1:AES256-SHA:256 > 2006-06-18 03:55:34 1FrmVR-0005Py-1e Completed >
Yes. looks like they're using the 'webmaster' account to authenticate against your Exim server, and your setup allows authenticated users to relay. Change the password for 'webmaster' (in whatever backend you're using for SMTP authentication), see if it goes away. Also, check that you haven't got a vulnerable authentication setup which allows blank passwords to successfully authenticate - Google should find this info for you. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
