Yesterday I had a new spammer break in, but now there was entries in the mainlog in the form
A=login:anonymous In this way I found an entry in LDAP with password anonymous . Then I deleted this entry and hope that spam has finished. But we have some hundred user. What can I do against such abuse, if somebody loose username and password? Is it possible to limit the number of mails from one unser per minute or so? Ralph ----------------ursprüngliche Nachricht----------------- Von: "Ralph Ballier" [email protected] An: "exim-users exim.org" [email protected] Datum: Wed, 15 Feb 2012 06:34:57 +0100 ------------------------------------------------- > I have inserted the line > > server_set_id = $auth1 > > in configure and now it works. I can see the username > > A=login:<username> > > But now I have no spammer :-)) > > ----------------ursprüngliche Nachricht----------------- > Von: "Todd Lyons" [email protected] > An: "Ralph Ballier" [email protected] > Kopie: "exim-users exim.org" [email protected] > Datum: Tue, 14 Feb 2012 13:51:32 -0800 > ------------------------------------------------- > > >> On Tue, Feb 14, 2012 at 1:22 PM, Ralph Ballier >> [email protected] wrote: >>> >>> I found this lines in mainlog: >>> >>> 2012-02-13 16:25:53 1Rwxmr-0003tG-09 <= [email protected] H=(User) >>> [4.79.231.188] P=esmtpa A=login S=1695 >>> I think, this is relaying. >>> There is the string A=login >>> Do you mean, this is the user name? But I mean, we have not a user named >>> "login". >> >> Below is what my logs look like when a user authenticates. Notice how >> the username they authenticated with is part of the A=login: string. >> >> 2012-02-14 04:30:47 1RxA2N-0003kh-WD <= [email protected] >> H=c-66-41-183-88.hsd1.mn.comcast.net (OwnerPC) [66.41.183.88] P=esmtpa >> A=login:[email protected] S=4046 >> id=2406A9DA978B495387CD35DA5E43D270@OwnerPC >> >> It kinda sounds like you have a bug in your authentication >> configuration in that it allows the smtp auth to complete without a >> username. Please post your authenticator section, specifically the >> "login" authenticator. >> >> ...Todd >> -- >> SOPA: Any attempt to [use legal means to] reverse technological >> advances is doomed. --Leo Leporte >> >> >> > > -- > Systemsignatur > -- Systemsignatur -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
