One of the exim servers I manage recently got used as a spam relay but in a
way that exim currently has no option to easily protect against (at least
none that I can find in the manual).
Basically the SMTP server is used for a small dialup ISP to relay customer
emails. The relaying is locked to those specific dialup IPs with the
sender_verify & headers_sender_verify both set to true. However a malicious
user used the dialup to send repeated spam emails in a short period of time
using a valid reply address. They avoided the current anti-spam protection
by only sending single emails, one after another and also by keeping the
number of recipients per email small.
Apart from disabling that user's account (which does not stop them just
creating another), the only way I can think of to easily stop another such
attack is to somehow limit the # of SMTP requests received from a single IP
address in a given period of time.
If someone can tell me if I can do this with the current exim setup I'd much
appreciate the help; otherwise, is this a request for Phil to answer?
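
The pattern described in the post above (many single-message submissions from one IP in a short period, each with few recipients) can be spotted by counting message arrivals per source IP in a sliding time window. This is an added example, not part of the original post and not Exim code; the log line layout, host names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Arrival ("<=") lines in the style of Exim's main log. The exact layout is an
# assumption; adjust the pattern to the local log format.
ARRIVAL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ .*?\[([0-9a-fA-F.:]+)\]"
)

def find_bursts(lines, max_msgs=5, window=timedelta(minutes=10)):
    """Return {ip: peak count} for hosts that exceeded max_msgs arrivals
    inside any sliding window of the given length."""
    recent = defaultdict(deque)      # ip -> arrival times still inside the window
    peaks = {}
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue                 # delivery lines and other log entries
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(when)
        while when - q[0] > window:  # drop arrivals that fell out of the window
            q.popleft()
        if len(q) > max_msgs:
            peaks[m.group(2)] = max(peaks.get(m.group(2), 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one dialup IP sending 8 single messages 20 s apart,
    another sending 3 messages spread over half an hour."""
    base = datetime(2000, 1, 1, 12, 0, 0)
    out = []
    for i in range(8):
        t = base + timedelta(seconds=20 * i)
        out.append(f"{t:%Y-%m-%d %H:%M:%S} 1AAAAA-00000{i}-00 <= user@example.com "
                   f"H=dialup10.example.net [192.0.2.10] P=smtp S=2048")
        out.append(f"{t:%Y-%m-%d %H:%M:%S} 1AAAAA-00000{i}-00 => rcpt{i}@example.org "
                   f"R=lookuphost T=remote_smtp")
    for i in range(3):
        t = base + timedelta(minutes=15 * i)
        out.append(f"{t:%Y-%m-%d %H:%M:%S} 1BBBBB-00000{i}-00 <= other@example.com "
                   f"H=dialup20.example.net [192.0.2.20] P=smtp S=1024")
    return out

if __name__ == "__main__":
    for ip, n in find_bursts(sample_log()).items():
        print(f"{ip}: {n} messages within the window")
```

Because the count is per source IP rather than per message, keeping the recipient count of each email small does not hide the burst.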