On 10/22/2016 1:30 PM, Paul Schmehl wrote: > He's clearly doing something very clever that is not the usual brute > force cram-it-down-your-throat spam run.
No evidence has been presented that this is anything other than the usual leaked-credentials account hijacking. Any confusion is due to a lack of information. Postfix logs the sasl username presented by the spammer. Hopefully the sasl backend logging will show why this name is unexpectedly accepted, and is almost certainly not a bug or exploit. -- Noel Jones
