Hi, this is a logline created by emoted or another malware:
2022-01-11 22:01:45 LOGIN authenticator failed for ([0.0.0.0]) [41.133.x.x]: 535 Incorrect authentication data (set_id=EmotedBot)
It shows the "hostname" used as "[0.0.0.0]" but is this really caused by i.e. this:
220 x.x.x ESMTP Exim 4.94.2 Fri, 21 Jan 2022 10:27:11 +0100 HELO [0.0.0.0] or is it (logline) created with another syntax,I don't know yet? best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
