Re: SMTP Auth Spam Mail Attack




> Baseline is, there is or has been a user "jon" usable for SMTP AUTH as
> you have shown by the log entry:
>
> Oct  5 15:17:53 www sendmail[6972]: AUTH=server,
> relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged),
> authid=jon, mech=LOGIN, bits=0
>
> Alexander
>

Hi Alexander

Well, the user jon has been deleted along with the entire domain the user
was in, and they are still relaying. Also, how is the user jon@xxxxxxxxxxx
getting authorised when that user does not exist? These are a couple of
the latest successful relays from the logs.

Oct  5 17:45:51 www sendmail[32567]: AUTH=server,
relay=31-202-20-171-kh.maxnet.ua [31.202.20.171] (may be forged),
authid=jon, mech=LOGIN, bits=0
Oct  5 19:47:23 www sendmail[20547]: AUTH=server, relay=[178.126.88.216],
authid=jon@xxxxxxxxxxxxx, mech=LOGIN, bits=0

It shows an example of both of the users that are being accepted.
I just am not sure how, when I am fairly sure they don't actually exist.

Paul.



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
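
As an added example (not part of the original thread or any poster's code), a small Python audit of successful `AUTH=server` records like the ones quoted above: it groups logins by `authid` and source IP and flags ids that match no account the admin believes exists. The `known_accounts` input and the final `alice` log record are constructed assumptions.

```python
import re
from collections import defaultdict

# First three records are the log entries quoted in the thread, unwrapped to
# one syslog line each; the last record ("alice") is constructed for contrast.
SAMPLE_LOG = """\
Oct  5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0
Oct  5 17:45:51 www sendmail[32567]: AUTH=server, relay=31-202-20-171-kh.maxnet.ua [31.202.20.171] (may be forged), authid=jon, mech=LOGIN, bits=0
Oct  5 19:47:23 www sendmail[20547]: AUTH=server, relay=[178.126.88.216], authid=jon@xxxxxxxxxxxxx, mech=LOGIN, bits=0
Oct  5 20:01:02 www sendmail[21001]: AUTH=server, relay=mail.example.net [192.0.2.10], authid=alice, mech=PLAIN, bits=0
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\sAUTH=server,\s"
    r"relay=(?P<relay>.*?),\sauthid=(?P<authid>[^,\s]+),\smech=(?P<mech>[^,\s]+)"
)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_auth_events(text):
    """Return one dict per successful SMTP AUTH record (AUTH=server lines)."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ip = IP_RE.search(m["relay"])
            events.append({"ts": m["ts"], "authid": m["authid"],
                           "mech": m["mech"], "ip": ip.group(1) if ip else None})
    return events


def audit(events, known_accounts):
    """Group logins by authid and mark ids that match no known account.

    known_accounts is an assumed input: the account names the admin believes
    exist. An authid counts as known if it, or its local part, is in the set.
    """
    report = defaultdict(lambda: {"count": 0, "ips": set(), "known": False})
    for e in events:
        entry = report[e["authid"]]
        entry["count"] += 1
        if e["ip"]:
            entry["ips"].add(e["ip"])
        local = e["authid"].split("@", 1)[0]
        entry["known"] = e["authid"] in known_accounts or local in known_accounts
    return dict(report)


if __name__ == "__main__":
    for authid, info in audit(parse_auth_events(SAMPLE_LOG), {"alice"}).items():
        flag = "ok" if info["known"] else "NOT A KNOWN ACCOUNT"
        print(f"{authid}: {info['count']} logins from {sorted(info['ips'])} [{flag}]")
```
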



