Re: [exim] rewrite From header with smtp auth-ed username?

Author: Jan Ingvoldstad
Date:  
To: exim users
Subject: Re: [exim] rewrite From header with smtp auth-ed username?
On Tue, Dec 11, 2012 at 9:08 PM, Cyborg <cyborg2@???> wrote:

> On 11.12.2012 16:42, Jan Ingvoldstad wrote:
>
>> 1. Permit accounts to send on behalf of their associated domain name.
>>
>
> IMHO, it would be enough to check if the sender domain matches the account
> domains.
>


Now you're assuming that there is a one-to-one relationship between account
name and email address, which is something I tried to avoid in my example.

Many email setups still use Unix usernames or similar solutions. :)


> if the attacker uses the mail client of the customer, there will be no
> chance to find out, except for rate
> limit violations.
>
>

In my experience, spamming through authenticated accounts is currently
tailored to go under the radar for rate limits, typically one or two
handfuls of messages sent every day, to 10-30 recipients, maybe less.

Rate limiting works well to prevent regular users and the odd misconfigured
client from overloading the mail server and/or queue, though.
--
Jan
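
Added example, not part of the original thread and not Exim configuration: a Python sketch of the check discussed above, where each authenticated account maps to a set of permitted sender domains (so a Unix-style username can cover several), run next to a plain daily rate limit. The account names, domains, limit and submission records are all constructed assumptions.

```python
from collections import Counter
from email.utils import parseaddr

# Constructed mapping: authenticated account -> domains it may send for.
ACCOUNT_DOMAINS = {
    "jdoe": {"example.org", "example.net"},   # Unix-style username, two domains
    "shop@example.com": {"example.com"},
}
DAILY_LIMIT = 200  # hypothetical per-account rate limit (messages/day)

# Constructed submissions for one day: (authenticated account, From header)
SUBMISSIONS = (
    [("jdoe", "J. Doe <j.doe@example.org>")] * 3
    + [("jdoe", "Sales <sales@EXAMPLE.NET>")]
    + [("shop@example.com", '"Bank" <alerts@bank.example>')] * 8
)

def from_domain(header):
    """Return the lower-cased domain of a From header, or None if unparsable."""
    _, addr = parseaddr(header)
    local, sep, domain = addr.rpartition("@")
    return domain.lower() if sep and local and domain else None

def review(submissions, account_domains, daily_limit):
    """Return (accounts over the rate limit, {account: disallowed From domains})."""
    volume = Counter(acct for acct, _ in submissions)
    over_limit = {a for a, n in volume.items() if n > daily_limit}
    mismatched = {}
    for acct, header in submissions:
        domain = from_domain(header)
        # Unknown accounts have no permitted domains, so everything mismatches.
        if domain not in account_domains.get(acct, set()):
            mismatched.setdefault(acct, set()).add(domain)
    return over_limit, mismatched

if __name__ == "__main__":
    over, bad = review(SUBMISSIONS, ACCOUNT_DOMAINS, DAILY_LIMIT)
    print("over rate limit:", sorted(over))
    for acct, domains in bad.items():
        print(f"{acct}: From domain(s) not permitted: {sorted(map(str, domains))}")
```

The eight low-volume messages stay far below the rate limit and are flagged only by the domain check; a sender who forges a From address inside the account's own domains would pass both.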