Author: Jasen Betts Date: To: exim-users Subject: Re: [exim] Kick user - force disconnect authenticated sessions
On 2013-08-07, Marcin Gryszkalis <mg@???> wrote: > Hi
> I wonder if it's possible to disconnect all active sessions for given
> authenticated user.
>
> It would be used to close sessions used by accounts stolen by spammers.After
> detecting unusual rate of mails from one account I lock it in database, freeze
> all suspiciousmails in queue, send alert to postmasterand close all imap/pop3
> sessions (with `doveadm kick user@`) - I'd like to close all SMTP sessions as
> well (and do it quick!) but I don't know how to find them. Unfortunately
> process_info log (like viewed by exiwhat) doesn't include authentication info. [...] > Can you advise different/better approach?
Does it matter if they can connect if having connected they can't
submit any mail?
can you add a conditon in the PREDATA, MAIL and/or RCPT acls that checks
for a flag-file ( eg: /home/$auth_user/.allowed-to-send )
how does dovecot indicate a user has been banned, exim can probably check for
that condition before accepting the email.
