On Tue, 24 Sep 2019 at 11:48, Jasen Betts via Exim-users < [email protected]> wrote:
> On 2019-09-24, Odhiambo Washington via Exim-users <[email protected]> > wrote: > > > Authentication-Results: gw.ourdomain.tld;iprev=fail > > smtp.remote-ip=5.61.42.174;auth=pass (PLAIN) > > [email protected];dmarc=skipped > > header.from=ourdomain.tld > > Is that a standard header? I've not seen exim adding that. > Extracted that from the spam mail. > > It seems to say they did "auth plain" and gave an acceptable password. > (escpecially in combination with "esmtpsa" in the received header. > > Could there be some problem with your plain authenticator? What is it > authenticating against? > Not sure if there is a problem with my plain authenticator. Maybe, maybe not. I need a 3rd eye. It authenticates against dovecot: plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 > > Can you share the ' <= ' line for this email (1iCQpf-0002zI-7B) in the > exim logs it should be near Mon, 23 Sep 2019 19:05:01 +0300 > > Here is the log extract: 2019-09-23 19:05:01 1iCQpf-0002zI-7B <= [email protected] H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no A=plain:[email protected] S=153471 id=4d95a1b3-5c91-471 [email protected] T="Your order ?5634 is ready for the transporting" from <[email protected]> for [email protected] 2019-09-23 19:05:01 1iCQpf-0002zI-7B => /var/spool/virtual/ourdomain.tld/daniel.owino/Maildir <[email protected]> R=virtual_domains T=dovecot_virtual_delivery S=153618 2019-09-23 19:05:01 1iCQpf-0002zI-7B Completed -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
