Re: [exim] rewrite From header with smtp auth-ed username?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jan Ingvoldstad
Date:  
À: exim users
Sujet: Re: [exim] rewrite From header with smtp auth-ed username?
On Tue, Dec 11, 2012 at 9:08 PM, Cyborg <cyborg2@???> wrote:

> Am 11.12.2012 16:42, schrieb Jan Ingvoldstad:
>
>> 1. Permit accounts to send on behalf of its associated domainname.
>>
>
> IMHO, it would be enough to check if the sender domain match the account
> domains.
>


Now you're assuming that there is a one-to-one relationship between account
name and email address, which is something I tried to avoid in my example.

Many email setups still use Unix usernames or similar solutions. :)


> if the attacker uses the mailclient of the customer, there will be no
> chance to find out, except for rate
> limit violations.
>
>

In my experience, spamming through authenticated accounts are currently
tailored to go under the radar for rate limits, typically one or two
handfuls of messages sent every day, to 10-30 recipients, maybe less.

Rate limiting works well to prevent regular users and the odd misconfigured
client from overloading the mail server and/or queue, though.
--
Jan