2012/12/11 <Lena@???>:
> Use this instead: http://github.com/Exim/exim/wiki/BlockCracking
> and after some time tell us whether it in practice solved the problem with
> stolen passwords.
>
I think such system (BlockCracking) would produce much false positives
in my enviroment. Many of my users have their own mailing dabases and
many address-es there might be non-existent. I think it is much
simpler to tell smtp user to use only his own adress in From header
than tell him not to send to much emails to non existing accounts. But
it is nice to know that such idea exists. I think this could work well
on servers that are supposed not to be used for mailing at all
(legitimate or not) - not mine servers unfortunately :( Besides it is
purely anti abuse system, but does not block from header "spoofing"
from smtp auth user (with possible trusted users list - build maybe in
2opt-in like gmail)
> Some honest users need to send messages with From not equal to
> smtp auth username. For example ...@ieee.org or ...-owner@???
> Such services forward incoming mail
> but don't offer their own relays for outgoing mail.
If some server don't want to provide his smtp (so he can't have
problems with service abuse) does not exacly mean that I sould open
such possibility to my all users, even those that did not asked for
it. I think spamers use this functionality much much often than
legitimate users (which you sould be able to whitelist on demand)
