Looks like "5.61.42.174" gets spammed via webmail (127.0.0.1) or got hacked and spams via script. Check that system.
On September 24, 2019 7:40:07 AM UTC, Odhiambo Washington via Exim-users <[email protected]> wrote:
>Hi all,
>
>One particular account on my server has been used to send spam repeatedly.
>I have changed the account's password so many times now that I believe this
>spam is not actually using their password for ASMTP, but probably a hole on
>the system which I am not able to detect.
>I am requesting a 3rd to help me figure out how this could be happening.
>
>The header below is from one such spam.
>
>What weakness(es) is the spammer likely abusing?
>
>Return-Path: <[email protected]>
>Envelope-to: [email protected]
>Delivery-date: Mon, 23 Sep 2019 19:05:01 +0300
>Authentication-Results: gw.ourdomain.tld;iprev=fail
> smtp.remote-ip=5.61.42.174;auth=pass (PLAIN)
> [email protected];dmarc=skipped
> header.from=ourdomain.tld
>Received: from [5.61.42.174] (helo=[127.0.0.1]) by gw.ourdomain.tld
> with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2)
> (envelope-from <[email protected]>) id 1iCQpf-0002zI-7B for
> [email protected]; Mon, 23 Sep 2019 19:05:01 +0300
>Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_0010_01D572B4.9D8D2390"
>From: <[email protected]>
>To: <[email protected]>
>Subject: =?utf-8?Q?Message_has_been_disinfected_:Yo?=
> =?utf-8?Q?ur_order_=E2=84=965634_is_ready_for_the_?=
> =?utf-8?Q?transporting?=
>Message-ID: <[email protected]>
>Date: Mon, 23 Sep 2019 16:04:50 +0000
>MIME-Version: 1.0
>X-Scanned-By: unscanned primary on gw.ourdomain.tld (41.57.X.X); Mon,
> 23 Sep 2019 19:05:01 +0300
>X-MimeOLE: Produced By Microsoft MimeOLE
>X-Spam-Flag: NO
>
>
>--
>Best regards,
>Odhiambo WASHINGTON,
>Nairobi,KE
>+254 7 3200 0004/+254 7 2274 3223
>"Oh, the cruft.", grep ^[^#] :-)
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/

--
This message was sent from my Android device with K-9 Mail.
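A way to read a header block like the one quoted above programmatically, as an added example that is neither part of the thread nor Exim's own code: it unfolds the headers, pulls out the TCP peer, the HELO name, Exim's protocol token and the Authentication-Results verdicts, and lists what they imply for the question asked. The first sample is the spam header from the message (addresses as redacted in the archive); the second sample, including its Exim message id, is constructed to show what a submission from a webmail process on the server itself would look like by contrast.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample 1: the headers quoted in the thread, with the archive's
# redacted addresses kept exactly as they appear there.
SPAM_HEADERS = """\
Return-Path: <[email protected]>
Authentication-Results: gw.ourdomain.tld;iprev=fail
 smtp.remote-ip=5.61.42.174;auth=pass (PLAIN)
 [email protected];dmarc=skipped
 header.from=ourdomain.tld
Received: from [5.61.42.174] (helo=[127.0.0.1]) by gw.ourdomain.tld
 with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2)
 (envelope-from <[email protected]>) id 1iCQpf-0002zI-7B for
 [email protected]; Mon, 23 Sep 2019 19:05:01 +0300
From: <[email protected]>
X-MimeOLE: Produced By Microsoft MimeOLE
"""

# Constructed sample 2 (hypothetical, message id invented): a submission made
# by a webmail process running on the mail server itself.
WEBMAIL_HEADERS = """\
Received: from [127.0.0.1] (helo=localhost) by gw.ourdomain.tld
 with esmtpa (Exim 4.92.2) (envelope-from <[email protected]>)
 id 1iCQpf-0002zJ-00 for [email protected]; Mon, 23 Sep 2019 19:10:00 +0300
Authentication-Results: gw.ourdomain.tld;auth=pass (LOGIN) [email protected]
From: <[email protected]>
"""

# Exim writes "from [peer] (helo=NAME) by HOST with PROTO ..." in its Received
# header; PROTO is esmtp plus 's' for TLS and/or 'a' for an authenticated session.
RECEIVED_RE = re.compile(
    r"from \[(?P<ip>[^\]]+)\] \(helo=(?P<helo>[^)]+)\) by \S+ with (?P<proto>\S+)")
AUTH_RE = re.compile(r"\bauth=(?P<result>\w+)(?: \((?P<method>[^)]+)\))?")
IPREV_RE = re.compile(r"\biprev=(?P<result>\w+)")
REMOTE_IP_RE = re.compile(r"smtp\.remote-ip=(?P<ip>[^;\s]+)")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Unfold RFC 5322 continuation lines and group values by lower-cased name."""
    headers: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and current:
            headers[current][-1] += " " + line.strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            current = name.strip().lower()
            headers.setdefault(current, []).append(value.strip())
    return headers


@dataclass
class SubmissionFacts:
    remote_ip: Optional[str] = None       # TCP peer recorded by our own MTA
    helo: Optional[str] = None            # name the client announced
    protocol: Optional[str] = None        # Exim token, e.g. esmtpsa
    auth_result: Optional[str] = None
    auth_method: Optional[str] = None
    auth_remote_ip: Optional[str] = None  # smtp.remote-ip from Authentication-Results
    iprev: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def analyse(raw: str) -> SubmissionFacts:
    h = parse_headers(raw)
    f = SubmissionFacts()
    # Only the topmost Received header was written by our MTA; anything below
    # it was supplied by the client and is untrusted.
    for rcvd in h.get("received", [])[:1]:
        m = RECEIVED_RE.search(rcvd)
        if m:
            f.remote_ip, f.helo, f.protocol = m.group("ip"), m.group("helo"), m.group("proto")
    for ar in h.get("authentication-results", []):
        m = AUTH_RE.search(ar)
        if m:
            f.auth_result, f.auth_method = m.group("result"), m.group("method")
        m = IPREV_RE.search(ar)
        if m:
            f.iprev = m.group("result")
        m = REMOTE_IP_RE.search(ar)
        if m:
            f.auth_remote_ip = m.group("ip")

    if f.protocol and f.protocol.lower().endswith("a") and f.auth_result == "pass":
        f.findings.append("authenticated submission (%s, auth=pass %s): the message was "
                          "relayed with the account's credentials, not through an open relay"
                          % (f.protocol, f.auth_method or "?"))
    if f.helo and f.helo.strip("[]").lower() in LOOPBACK and f.remote_ip not in LOOPBACK:
        f.findings.append("HELO claims loopback (%s) but the TCP peer is %s: the session did "
                          "not originate on this server" % (f.helo, f.remote_ip))
    if f.auth_remote_ip and f.remote_ip and f.auth_remote_ip != f.remote_ip:
        f.findings.append("Received peer %s disagrees with smtp.remote-ip %s"
                          % (f.remote_ip, f.auth_remote_ip))
    if f.iprev == "fail":
        f.findings.append("peer %s has no matching reverse DNS (iprev=fail)" % f.remote_ip)
    if "x-mimeole" in h:
        f.findings.append("X-MimeOLE present: the client identifies as a Microsoft "
                          "Outlook-family program; typical webmail does not add this header")
    return f


def report(raw: str) -> str:
    f = analyse(raw)
    head = "peer=%s helo=%s proto=%s auth=%s/%s" % (
        f.remote_ip, f.helo, f.protocol, f.auth_result, f.auth_method)
    return head + "\n" + "\n".join(" - " + x for x in f.findings)


if __name__ == "__main__":
    print(report(SPAM_HEADERS))
    print()
    print(report(WEBMAIL_HEADERS))
```

For the spam sample this yields four findings: an authenticated esmtpsa session, a loopback HELO from a non-loopback peer, a failed reverse-DNS check, and a Microsoft MIME client signature. For the constructed webmail sample only the authentication finding remains, which is the contrast to look for when deciding whether a compromised account or a process on the server itself is sending the mail.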
