Autor: Lena Fecha: A: exim-users Asunto: Re: [exim] rewrite From header with smtp auth-ed username?
From the http://new-spam-l.com list:
> From: Alan Doherty > we use 3 factors for smtpa
>
> a username
> b password
> c is the envelope from one that the user has previously setup on our
> systems
>
> if they fail c the email is rejected at rcpt-to
> and the user is sent an email explaining why they are locked out of
> smtpa (their user/password still works for admin pop3/imap)
> so they can just hop over to the admin page and change their
> password to unlock the accounts smtpa, also if it was an error on
> their part they can belatedly add the 3rd party envelope-from they
> were trying
>
> this way if an account is successfully used to send spam (ie they
> use his from: as well) the torrent of bounces is ours and the users
> notification.
>
> so far its worked
> (obviously we also content filter after data, but very few hit the
> quarantine queue (if they do the user can release, but a copy is
> also flagged for admin review, so far all just bad chain-mail, that
> we educate/LART the user for)
>
> I do worry about the potential for a bot (or human herder) to take
> the credentials and use them to admin the account so each new
> envelope sender is added before the smtp send, we have yet to add an
> automated confirmation loop, its on my to-do list