If gw.ourdomain.tld is listed as an authorized relayer in the exim4 config, authentication isn't needed. Check the configuration to make sure that relaying is not authorized for gw.ourdomain.tld.

The best thing you can do is to restrict it so that BOTH an authorized IP *AND* a password are required to be authorized to relay; thus you also run clear of all those password-cracking robots out there.

-----Original Message-----
From: Exim-users <[email protected]> On Behalf Of Odhiambo Washington via Exim-users
Sent: 24 September 2019 09:49
To: exim users <[email protected]>
Subject: [exim] Unstoppable spam

Hi all,

One particular account on my server has been used to send spam repeatedly. I have changed the account's password so many times now that I believe this spam is not actually using their password for ASMTP, but probably a hole on the system which I am not able to detect.

I am requesting for a 3rd to help me figure out how this could be happening. The header below is from one such spam. What weakness(es) is the spammer likely abusing?

Return-Path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 23 Sep 2019 19:05:01 +0300
Authentication-Results: gw.ourdomain.tld;iprev=fail smtp.remote-ip=5.61.42.174;auth=pass (PLAIN) [email protected];dmarc=skipped header.from=ourdomain.tld
Received: from [5.61.42.174] (helo=[127.0.0.1])
  by gw.ourdomain.tld with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
  (Exim 4.92.2)
  (envelope-from <[email protected]>)
  id 1iCQpf-0002zI-7B
  for [email protected]; Mon, 23 Sep 2019 19:05:01 +0300
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0010_01D572B4.9D8D2390"
From: <[email protected]>
To: <[email protected]>
Subject: =?utf-8?Q?Message_has_been_disinfected_:Yo?=
  =?utf-8?Q?ur_order_=E2=84=965634_is_ready_for_the_?=
  =?utf-8?Q?transporting?=
Message-ID: <[email protected]>
Date: Mon, 23 Sep 2019 16:04:50 +0000
MIME-Version: 1.0
X-Scanned-By: unscanned primary on gw.ourdomain.tld (41.57.X.X); Mon, 23 Sep 2019 19:05:01 +0300
X-MimeOLE: Produced By Microsoft MimeOLE
X-Spam-Flag: NO

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
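An added example, not part of the thread and not Exim's own code: a Python check that reads the Authentication-Results value Exim stamped on a message and reports submissions accepted with auth=pass from an address outside the networks allowed to relay, which are the cases a combined IP-and-password rule like the one suggested in the reply would refuse. The relay network, the `smtp.auth` property name and the sample mailbox are assumptions; the sample values are constructed, modelled on the header in the post.

```python
import ipaddress
import re

# Assumption: networks allowed to relay (hypothetical value, replace with your own).
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed samples modelled on the header in the post; the mailbox is a placeholder.
SAMPLES = [
    "gw.ourdomain.tld;iprev=fail smtp.remote-ip=5.61.42.174;"
    "auth=pass (PLAIN) smtp.auth=user@ourdomain.tld;"
    "dmarc=skipped header.from=ourdomain.tld",
    "gw.ourdomain.tld;iprev=pass smtp.remote-ip=192.0.2.10;"
    "auth=pass (PLAIN) smtp.auth=user@ourdomain.tld;"
    "dmarc=skipped header.from=ourdomain.tld",
]


def parse_authres(value):
    """Return (authserv_id, {method: {result, comment, props}})."""
    serv, *items = [p.strip() for p in value.split(";")]
    results = {}
    for item in items:
        # method=result, optionally followed by a "(comment)" such as the SASL mechanism
        m = re.match(r"(\w+)=(\w+)(?:\s+\(([^)]*)\))?", item)
        if not m:
            continue
        props = dict(re.findall(r"([\w.\-]+)=(\S+)", item[m.end():]))
        results[m.group(1)] = {"result": m.group(2), "comment": m.group(3),
                               "props": props}
    return serv, results


def audit(value, relay_nets=RELAY_NETS):
    """Return a finding when a message was accepted on a password alone."""
    _, res = parse_authres(value)
    auth = res.get("auth", {})
    iprev = res.get("iprev", {})
    ip_text = iprev.get("props", {}).get("smtp.remote-ip")
    if auth.get("result") != "pass" or ip_text is None:
        return None                      # not an authenticated submission
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in relay_nets):
        return None                      # authenticated AND from an allowed network
    return {"ip": ip_text, "mechanism": auth.get("comment"),
            "login": auth["props"].get("smtp.auth"), "iprev": iprev.get("result")}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

A finding for the first sample means the client presented credentials the server accepted over SMTP AUTH, so the login named in it is the account to investigate.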
