Dovecot spoof prevention technique
Command to find the Dovecot login that is creating the spoof:
# egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
Output will be of the form: number of dovecot_login connections : account address
Then execute the command below:
# grep "email account" /var/log/exim_mainlog | less
Find the entry corresponding to:
=-=-=-=-=
2013-09-24 16:16:26 [13665] 1VObqE-0003YP-AR <="spoof email account" =dovecot_login:Local account hacked S=682 id=20130925000607.D72B1D9DA45EA24D
=-=-=-=-=
Delete the queued messages for the spoof email address with the command:
# exim -bp | grep "spoof domain name" | awk '{print $3}' | xargs exim -Mrm
Change the password of the hacked local account (the email ID shown after dovecot_login), which will fix the issue.
Check that the queue is not increasing after this process:
# exim -bpc
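Added example (not part of the original page): a shell function that goes one step beyond the login count above and lists, per authenticated account, how many messages were submitted with a sender different from the dovecot_login account. It assumes Exim's standard A=dovecot_login:<account> field on arrival lines; the function names, addresses and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Exim's standard
# "A=dovecot_login:<account>" field on arrival ("<=") log lines.

# spoof_senders LOGFILE
# Prints "count account" for every authenticated account that submitted mail
# with an envelope sender different from its own login, busiest account last.
spoof_senders() {
    awk '
    / <= / {
        sender = ""; acct = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "<=") {
                sender = $(i + 1)
            } else if ($i ~ /^A=dovecot_login:/) {
                acct = $i
                sub(/^A=dovecot_login:/, "", acct)
            }
        }
        if (acct != "" && tolower(sender) != tolower(acct)) n[acct]++
    }
    END { for (a in n) print n[a], a }
    ' "$1" | sort -n
}

# make_sample_log FILE: writes constructed log lines (hypothetical addresses).
make_sample_log() {
    cat > "$1" <<'EOF'
2013-09-24 16:16:26 [13665] 1VObqE-0003YP-AR <= billing@spoofed.example H=(pc) [192.0.2.10]:50001 P=esmtpa A=dovecot_login:info@local.example S=682 id=a1@pc
2013-09-24 16:16:31 [13670] 1VObqJ-0003Yb-C4 <= support@spoofed.example H=(pc) [192.0.2.10]:50002 P=esmtpa A=dovecot_login:info@local.example S=701 id=a2@pc
2013-09-24 16:17:02 [13688] 1VObqo-0003Zt-Q1 <= sales@local.example H=(laptop) [198.51.100.7]:40100 P=esmtpa A=dovecot_login:sales@local.example S=1204 id=b1@laptop
2013-09-24 16:17:40 [13701] 1VObrQ-0003a6-7x => someone@remote.example R=lookuphost T=remote_smtp
EOF
}

# Demo run on the constructed sample; on a server pass /var/log/exim_mainlog.
sample=$(mktemp)
make_sample_log "$sample"
spoof_senders "$sample"
rm -f "$sample"
```

A mismatch between sender and login is a lead to investigate, since an account may legitimately send as an alias.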