Thomas Kinghorn wrote:
> Good afternoon all.
>
> Please forgive me if I am asking a stupid question.
>
> My server is currently being used, via a compromised account, to send junk
> to various freemail accounts.
>
> An extract of the message looks like:
>
> 208P Received: from [125.76.228.201] (helo=User)
>         by smtp01.gennex.co.za with esmtpa (Exim 4.69)
>         id 1MB4KF-000Nhu-W3 by authid <[email protected]> with
> login_authenticator; Mon, 01 Jun 2009 12:01:36 +0200
> 041R Reply-To: <[email protected]>
> 056F From: "Mr. Song Lile"<[email protected]>
> 228  Subject: Good Day,I am LILE, I work with the Hangs bank,I need your
> assistance in effecting a transaction worth $19.5m I intend to give 30% of
> the total funds as compensation for your assistance. Full names,Private
> phone number
>
> If I were to create a list of compromised accounts (until we can get the
> users to use decent passwords), how would I go about this
> as everything I have tried thus far has failed.
>
> I was thinking of something along these lines:
>
> # ACL MACRO
>
> # authenticated id {$authenticated_id}
> ACL_C_AUTHID = acl_c_authid
>
>
> # Connect phase #
> acl_check_connect:
>
> #Set ACL for AUTHID
> warn
> condition = ${if
> match{$authenticated_id}{lsearch;/usr/local/etc/exim/reject/rejected_authid}}
> set ACL_C_AUTHID = Yes
>
>
> # Compromised Accounts
> deny
> message = '$authenticated_sender' classified as compromised -
> Please change your account password
> condition = ${if eq {$ACL_C_AUTHID}{Yes}}
> logwrite = :main: Compromised Account: $authenticated_sender
>
> The list rejected_authid would contain the email addresses of the
> compromised accounts.
>
> Many thanks in advance for your assistance.

It looks like you're trying to check the authentication details in
acl_smtp_connect ... At that point in the smtp transaction no
authentication has taken place. Move your checks into acl_smtp_rcpt.

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226)
http://cardwellit.com/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
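
An added example, not part of the original thread: one way to apply the advice above, with the blocklist check placed in the RCPT ACL, where $authenticated_id is already set. It assumes the ACL is named acl_check_rcpt, that the authenticator sets $authenticated_id via server_set_id, and that rejected_authid holds one authenticated id per line; it uses a single-key ${lookup} expansion for the file check.

```exim
# Main configuration section: name the ACL that runs for every RCPT command.
# (acl_check_rcpt is an assumed name; use whatever your config already has.)
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Place this before any "accept authenticated = *" statement, otherwise
  # the authenticated relay rule accepts the recipient first.
  deny
    # True only when the client has completed SMTP AUTH on this connection.
    authenticated = *
    # Single-key lookup of the authenticated id in the blocklist file.
    # Expands to "yes" when the id is a key in the file, "no" otherwise.
    condition     = ${lookup{$authenticated_id}lsearch{/usr/local/etc/exim/reject/rejected_authid}{yes}{no}}
    # Text returned to the client in the 5xx response.
    message       = $authenticated_id classified as compromised - please change your account password
    # Text written to the main log for the rejection.
    log_message   = Compromised Account: $authenticated_id

  # ... existing recipient checks and accept statements follow here ...
```

Because the file is read at lookup time, adding or removing an id in rejected_authid takes effect without restarting Exim.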
