Jethro,
>> Regardless of any technical answers, is it too obvious to suggest:
>> o/ change the password on the account
>> o/ suspend the account
>> o/ don't provide service to bad people
This is brilliant idea. Do you mind if I pipe our Exim mainlog file to
your terminal so you can spot these users right in time and alert me to
suspend their accounts?
Any complaints raised through the postmaster account and the like are
usually way too late as professional spammers will have abused the account
to sent ten thousands of mails before the first people complain. Don't
forget about time zones here!
I should explain what spamGuard does:
It basically monitors the log file every five minutes and counts how many
emails a user has sent. If this goes over a certain threshold (say 20
emails in a five minute interval) that user will end up a on throttling
list meaning any further emails will be delayed. If he hits the next
threshold the user will get temporarily suspended and the admin alerted
via email to take care. Which usually means: Talk to the user, find out if
this is due a virus infection or if the user really is a bad guy.
The rationale is: A spammer will have a hard time sending more than a
couple of dozends of mails before we will automatically be stopped, and
this without any human intervention.
On the other hand, hardly any "normal" user will have to send more then 20
mails every five minutes, will he? For mailing lists and special users
there is a whitelist of priviledged accounts which do not fall under this
limits.
So let me ask my original question in a different way: How would I
implement such a mechanism with Exim?
Regards,
Torsten
> On Wed, 11 May 2005 torsten@??? wrote:
>
>> I don't need SpamAssassin, at least not here, because the problem is
not preventing incoming spam from reaching our user's mailboxes but
unfortunately we habe issues with users that have an account and are
properly logged in sending out spam.
>>
>> This might be both because
>>
>> - they are bad people or
>> - either someone has hacked their account and is abusing it or there is
malware (worm, virus, ...) on a PC that has a proper SMTP AUTH
>> connection
>> to our server
>
> Regardless of any technical answers, is it too obvious to suggest:
>
> o/ change the password on the account
> o/ suspend the account
> o/ don't provide service to bad people
>
> ?
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users ##
Exim details at
http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>
