quags
Verified User
I've brought this up in a ticket in the past, but didn't get any resolution, and it doesn't appear to happen very often. This is occurring on DirectAdmin + Ubuntu (20) with Exim 4.96-58.
What happened is:
* compromised email account
* more than 10 emails came through
* the user was at their email limit already
* The email was allowed through
* Worse, it bypassed the smart host completely
If the email had been blocked for max emails per day (which should have happened), or had gone to the smart host, the spam would have been stopped. The setup follows https://docs.directadmin.com/other-hosting-services/exim/smarthost.html exactly.
Code:
1q8tlD-00CyEB-3B <= REDACTED@REDACTED H=(LAPTOP-2KCC59KB) [REDACTED] P=esmtpsa X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no A=plain:REDACTED@REDACTED S=2820 [email protected] T="Laatste herinnering" from <REDACTED@REDACTED> for REDACTED@REDACTED
1q8tlD-00CyEB-3B no immediate delivery: more than 10 messages received in one connection
1q8tlD-00CyEB-3B failed to expand condition "${perl{check_limits}}" for smart_route router: Your E-Mail (REDACTED@REDACTED) has reached it's daily email limit of 200 emails
1q8tlD-00CyEB-3B => REDACTED@REDACTED F=<REDACTED@REDACTED> R=lookuphost T=remote_smtp S=2902 H=smtp1.REDACTED [REDACTED] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes C="250 2.0.0 35D5Zq17061264 Message accepted for delivery"
1q8tlD-00CyEB-3B Completed
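A detection check for the log pattern in this post, added here as an example (not code from the poster or from DirectAdmin): it scans an Exim mainlog for messages where a router's condition failed to expand and the message was then delivered by a different router. The sample log is constructed, and the function name, message IDs, hosts and the `smarthost_transport` name are assumptions.

```python
import re

# Constructed sample modelled on the log lines in the post; message IDs,
# addresses, hosts and the smarthost_transport name are made up.
SAMPLE_LOG = """\
2023-06-12 09:14:01 1aaaaa-000001-AA <= user@example.com H=(LAPTOP) [203.0.113.7] P=esmtpsa A=plain:user@example.com S=2820
2023-06-12 09:14:01 1aaaaa-000001-AA no immediate delivery: more than 10 messages received in one connection
2023-06-12 09:14:05 1aaaaa-000001-AA failed to expand condition "${perl{check_limits}}" for smart_route router: Your E-Mail (user@example.com) has reached it's daily email limit of 200 emails
2023-06-12 09:14:06 1aaaaa-000001-AA => rcpt@example.net F=<user@example.com> R=lookuphost T=remote_smtp S=2902 H=mx.example.net [198.51.100.9]
2023-06-12 09:14:06 1aaaaa-000001-AA Completed
2023-06-12 09:20:00 1bbbbb-000002-BB <= other@example.com H=(PC) [203.0.113.8] P=esmtpsa A=plain:other@example.com S=1200
2023-06-12 09:20:01 1bbbbb-000002-BB => someone@example.org F=<other@example.com> R=smart_route T=smarthost_transport H=relay.example.com [192.0.2.25]
2023-06-12 09:20:01 1bbbbb-000002-BB Completed
"""

MSG = re.compile(r'(?:^|\s)(\w{6}-\w{6,11}-\w{2,4}) (.*)$')   # message id, rest of line
FAILED = re.compile(r'failed to expand condition "(.+?)" for (\S+) router: (.*)')
DELIV = re.compile(r'^[=-]> \S+.* R=(\S+) T=(\S+)')           # delivery line: router, transport
AUTH = re.compile(r' A=\w+:(\S+)')                            # authenticated sender on arrival

def find_router_bypass(log_text):
    """Return deliveries made by another router after a router's condition failed to expand."""
    failed, auth, findings = {}, {}, []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msgid, rest = m.groups()
        if rest.startswith("<= "):
            a = AUTH.search(rest)
            auth[msgid] = a.group(1) if a else None
        elif (f := FAILED.search(rest)):
            failed.setdefault(msgid, []).append((f.group(2), f.group(3)))
        elif (d := DELIV.search(rest)):
            for router, reason in failed.get(msgid, []):
                if router != d.group(1):   # skipped router differs from the one that delivered
                    findings.append({"msgid": msgid, "auth": auth.get(msgid),
                                     "skipped_router": router, "reason": reason,
                                     "used_router": d.group(1), "transport": d.group(2)})
    return findings

if __name__ == "__main__":
    for hit in find_router_bypass(SAMPLE_LOG):
        print(hit)
```

Run against a real mainlog, any hit for an authenticated sender is a message that left the server outside the intended relay path and is worth alerting on.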