I am running exim 4.69 on a CentOS 4 machine with cPanel. This morning, I noticed the queue had quite a few emails that were from an unknown sender, so I became concerned. It appears, from looking at the exim logs, that the sender was authenticating as the "admin" unix user. Here is an example of one of these log entries:

2008-08-14 02:33:49 1KTWP7-00073v-2J <= [EMAIL PROTECTED] H=rrcs-67-79-255-138.sw.biz.rr.com (User) [67.79.255.138] P=esmtpa A=fixed_login:admin S=2110

Obviously, I am concerned that I have experienced a security breach with an unauthorized user sending mail through my exim server. The admin user account on this machine has never been used or accessed by an authorized user, and I have checked the /var/log/secure* logs to verify that nobody has recently logged onto the machine as the admin user. So, I am baffled as to how someone could successfully send authenticated mail as user = admin without knowing the admin password.

So, does anybody on this list have any insight as to what might be going on here? Also, how can I disable exim's SMTP services for unix user accounts such as admin?

Thanks,
Gordon
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
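One way to audit which authenticated IDs are submitting mail, and from which addresses, using the `A=` field of exim arrival lines like the one quoted in the post. This is an added example, not part of the original message; the `never_send` watchlist, the `max_ips` threshold and every sample line except the first are assumptions.

```python
import re
from collections import defaultdict

# First line is the entry quoted in the post; the rest are constructed samples
# (documentation IP ranges, made-up message ids, assumed authenticator fixed_plain).
SAMPLE_LOG = """\
2008-08-14 02:33:49 1KTWP7-00073v-2J <= [EMAIL PROTECTED] H=rrcs-67-79-255-138.sw.biz.rr.com (User) [67.79.255.138] P=esmtpa A=fixed_login:admin S=2110
2008-08-14 02:34:02 1KTWPK-00074A-3B <= spam@example.invalid H=(User) [192.0.2.44] P=esmtpa A=fixed_login:admin S=2098
2008-08-14 08:15:10 1KTbjS-0001aB-7C <= alice@example.com H=(laptop) [198.51.100.7] P=esmtpa A=fixed_plain:alice@example.com S=1432
2008-08-14 08:15:11 1KTbjS-0001aB-7C => bob@example.org R=lookuphost T=remote_smtp H=mx.example.org [203.0.113.5]
2008-08-14 08:20:00 1KTbo8-0001bC-9D <= carol@example.net H=mx.example.net [203.0.113.9] P=esmtp S=900
"""

ARRIVAL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) <= ")
AUTH = re.compile(r"(?<=\s)A=([^:\s]+):(\S+)")            # A=<authenticator>:<id>
IP = re.compile(r"\[([0-9A-Fa-f]*[.:][0-9A-Fa-f.:]*)\]")  # skips "[EMAIL PROTECTED]"

def parse_arrival(line):
    """Return a record for an authenticated arrival ("<=") line, else None."""
    head = ARRIVAL.match(line)
    auth = AUTH.search(line)
    if not head or not auth:
        return None  # delivery line, unauthenticated arrival, or other log text
    ip = IP.search(line)
    return {"time": head.group(1), "msgid": head.group(2),
            "authenticator": auth.group(1), "user": auth.group(2),
            "ip": ip.group(1) if ip else None}

def summarize(lines):
    """Group authenticated arrivals by authenticated id."""
    stats = defaultdict(lambda: {"count": 0, "ips": set(), "authenticators": set()})
    for line in lines:
        rec = parse_arrival(line)
        if rec:
            entry = stats[rec["user"]]
            entry["count"] += 1
            entry["ips"].add(rec["ip"])
            entry["authenticators"].add(rec["authenticator"])
    return dict(stats)

def suspicious_ids(stats, never_send=("admin",), max_ips=1):
    """Ids on the watchlist, or seen from more than max_ips source addresses."""
    return sorted(u for u, s in stats.items()
                  if u in never_send or len(s["ips"]) > max_ips)

if __name__ == "__main__":
    for user in suspicious_ids(summarize(SAMPLE_LOG.splitlines())):
        print(user)
```

Run against the real mainlog by passing its lines to `summarize()` in place of `SAMPLE_LOG.splitlines()`.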
