Re: [exim] Slowing Blacklisted Authenticated Users

Top Page
Delete this message
Reply to this message
Author: Matt
Date:  
To: exim-users
Subject: Re: [exim] Slowing Blacklisted Authenticated Users
When I have an email account with a compromised password that is
pumping out junk with auth SMTP the sending IP is virtually always in
XBL. When I have legitimate senders using auth SMTP they are
extremely rarely listed.

So, I feel that if an authenticated sender is listed in XBL I feel
there is a 98+ percent chance it is compromised and pumping out junk
mail. For the remaining 2 percent I would like to restrict too around
10 recipients an hour so its still usable but cannot send enough
volume to be of use to a junkmailer.


> I have this to block users that authenticate and are on a blacklist.
>
> deny
> dnslists = some.black.list.or.another
>         authenticated = *
>         verify=recipient
>         message = blocked authenticated sender

>
> Rather then block these I would like to rate limit black listed
> authenticated senders to 5 messages an hour or so in case its a false
> positve.
>
> I see this:
>
> # Keep authenticated users under control
> warn ratelimit = 100 / 1h / strict / $authenticated_id
>          delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} -
> $sender_rate_limit }s

>
> But how do I make this only trigger on blacklisted authenticated users?