Dovecot spoof prevention technique
Dovecot command to find the login that create spoof,
egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1
Output will be,
dovecot_login: account address
grep "email accountt" /var/log/exim_mainlog | less . Find the entry corresponding to,
=-=-=-==-
2013-09-24 16:16:26 [13665] 1VObqE-0003YP-AR <="spoof email account" =dovecot_login:Local account hacked S=682 id=20130925000607.D72B1D9DA45EA24D
=-=-
=-=-
Delete the spoof email address with the command,
exim -bp | grep "spoof domain name" | awk {'print $3'} | xargs exim -Mrm
Change the email ID password of Local account hacked which will fix the issue.
Check that the queue is not increasing after this process,
=-=
exim -bpc
===-
Dovecot command to find the login that create spoof,
egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1
Output will be,
dovecot_login: account address
grep "email accountt" /var/log/exim_mainlog | less . Find the entry corresponding to,
=-=-=-==-
2013-09-24 16:16:26 [13665] 1VObqE-0003YP-AR <="spoof email account" =dovecot_login:Local account hacked S=682 id=20130925000607.D72B1D9DA45EA24D
=-=-
=-=-
Delete the spoof email address with the command,
exim -bp | grep "spoof domain name" | awk {'print $3'} | xargs exim -Mrm
Change the email ID password of Local account hacked which will fix the issue.
Check that the queue is not increasing after this process,
=-=
exim -bpc
===-