[Pkg-exim4-users] "no secret in database" messages

[Andreas Metzler]

Ross Boylan <ross at biostat.ucsf.edu> wrote:
> auth.log shows entries like
> Aug 29 01:02:03 corn exim4: no secret in database
> and
> Aug 29 01:05:04 corn exim4: need authentication name
> The former occurs repeatedly.  They occur in a burst a little after 1am,
> another after 2am, and then nothing.

> At the same time exim's logs show
> 2008-08-29 01:01:33 cram_md5_sasl_server authenticator failed for
> 114-44-141-95.dynamic.hinet.net (xnxvve.com) [114.44.141.95]: 553
> Initial data not expected
> 2008-08-29 01:01:33 H=114-44-141-95.dynamic.hinet.net (xnxvve.com)
> [114.44.141.95] F=<utpmsf at lexjll.com> rejected RCPT
> <rwbhur2554 at yahoo.com.tw>: relay not permitted
> 2008-08-29 01:01:34 unexpected disconnection while reading SMTP command
> from 114-44-141-95.dynamic.hinet.net (xnxvve.com) [114.44.141.95]
> 2008-08-29 01:01:35 cram_md5_sasl_server authenticator failed for
> 114-44-141-95.dynamic.hinet.net (mdcchpmfl.com) [114.44.141.95]: 535
> Incorrect authentication data
> and many more like that, with different domain names.

> Can anyone help me understand what is going on, and if it's something I
> should be concerned about?
[...]

I suspect this is a spammer, sending invalid AUTH data.
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'