Author: Lena Date: To: exim-users Subject: Re: [exim] Delaying messages for 5 minutes?
> From: Marc Perkel
> How do
> the messages get unfrozen?
Messages begin to be frozen only after the user has sent
to 100 nonexistent email addresses within 1 hour.
Either it's spam (using stolen password or a spambot in the user's Windows)
or a false positive (100 nonexistent recipients in one hour? Unlikely IMHO).
Anyway, abuse staff (a human) must distinguish between spam and a
false positive (by looking into content of frozen messages in the queue)
after receiving the warning message. I.e. manual intervention is inevitable.
Then abuse staff either deletes (with a text editor)
the line with the username from the "blocked..." file
and unfreezes messages using `exipick` (if it's a false positive), or
blocks the user (or changes the user's password) and keeps frozen messages
in the queue as evidence for fining the user according to the contract
(if it's spam). After the fine is exacted, password changed and the
user's Windows cleaned from malware, also use a text editor and `exipick`.
If the line with the username is the only line in the file (likely)
then the file can be just deleted instead of editing.
Note: nonexistent recipients are counted, not total recipients.
Spammers' lists of email addresses are drastically more unclean
than honest users'.