Hi,
I have found spam has been sent out through our server by authenticated users which don't exist, e.g.:

2014-12-08 22:37:08 1Xy6vT-0006KE-1y SA: Action: Not running SA because SAEximRunCond expanded to false (Message-Id: 1Xy6vT-0006KE-1y). From <[email protected]> (host=NULL [195.154.199.164]) for [email protected]
2014-12-08 22:37:08 1Xy6vT-0006KE-1y <= [email protected] H=(web.de) [195.154.199.164] P=esmtpa A=fixed_login:[email protected] S=2133 [email protected]
2014-12-08 22:37:10 1Xy6vT-0006KE-1y => [email protected] R=dnslookup T=remote_smtp H=mta1b.swcm.zscloud.net [195.65.152.39] X=TLSv1:AES256-SHA:256 C="250 Email accepted successfully (id=5486281510670000)"
2014-12-08 22:37:10 1Xy6vT-0006KE-1y Completed

2014-12-08 10:39:20 1Xxviq-000FQ9-Fz SA: Action: Not running SA because SAEximRunCond expanded to false (Message-Id: 1Xxviq-000FQ9-Fz). From <[email protected]> (host=NULL [62.210.205.210]) for [email protected], [email protected], [email protected], [email protected]
2014-12-08 10:39:20 1Xxviq-000FQ9-Fz <= [email protected] H=(User) [62.210.205.210] P=esmtpa A=fixed_login:[email protected] S=1688
2014-12-08 10:39:22 1Xxviq-000FQ9-Fz => [email protected] R=dnslookup T=remote_smtp H=mta7.am0.yahoodns.net [66.196.118.37] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 ok dirdel 2/0"
2014-12-08 10:39:22 1Xxviq-000FQ9-Fz -> [email protected] R=dnslookup T=remote_smtp H=mta7.am0.yahoodns.net [66.196.118.37] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 ok dirdel 2/0"
2014-12-08 10:39:22 1Xxviq-000FQ9-Fz => [email protected] R=dnslookup T=remote_smtp H=mx01.gmx.com [74.208.5.27] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 C="250 Requested mail action okay, completed: id=0LaGW8-1XZGku1oKM-00m6jO"
2014-12-08 10:39:22 1Xxviq-000FQ9-Fz => [email protected] R=dnslookup T=remote_smtp H=mx1.hotmail.com [65.54.188.110] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 C="250 <[email protected]> Queued mail for delivery"
2014-12-08 10:39:22 1Xxviq-000FQ9-Fz Completed

However, there is no such user as [email protected]...

If I try to replicate the issue by trying to log in with the username I get:

2014-12-11 18:13:45 fixed_plain authenticator failed for (jonathans-imac.home) [86.137.136.132]: 535 Incorrect authentication data ([email protected])

I think there must be something wrong with my fixed_login authenticator, so here it is:

fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${lookup mysql{SELECT concat(local_part,'@',domain) FROM MYSQL_AUTHTABLE WHERE (concat(local_part,'@',domain) = '$1' OR email = '$1') AND password='$2'}{1}fail}
  server_set_id = $1

Can anyone give me any pointers?

Jonathan

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
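
Added example, not part of the original post and not the poster's own configuration: the server_condition above places $1 and $2 directly inside the SQL string, so whatever the client sends as username and password becomes part of the query text. Exim's quote_mysql expansion operator escapes values used in MySQL lookups; the same authenticator with that operator applied, keeping the post's MYSQL_AUTHTABLE macro, column names and $1/$2 variables unchanged, looks like this:

```exim
# Added example: same authenticator as in the post, with every
# client-supplied value passed through quote_mysql before it is
# placed between the single quotes of the SQL statement.
fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # $1 = username and $2 = password as sent by the client.
  # Backslash continuation is only for readability.
  server_condition = ${lookup mysql{ \
      SELECT concat(local_part,'@',domain) \
      FROM MYSQL_AUTHTABLE \
      WHERE (concat(local_part,'@',domain) = '${quote_mysql:$1}' \
             OR email = '${quote_mysql:$1}') \
        AND password = '${quote_mysql:$2}' \
      }{1}fail}
  # The logged A=fixed_login:<id> value is still the raw string the
  # client sent, so log review should compare it against the
  # account table rather than trust it as an existing account.
  server_set_id = $1
```

Any other authenticator that runs a similar lookup needs the same quoting.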
