Auteur: Michael Deutschmann Datum: Aan: exim-users Onderwerp: Re: [exim] How to limit to authenticate user to send mails per Hour
On Mon, 16 Sep 2013, Mihamina Rakotomandimby wrote: > [Er.shashank.singh's] message was not very clear.
> But as far as I understood:
> - If people can steal credentials: secure your credentials
> - If people send spam: the solution is not rate limiting
Despite the reference to "per Hour" in the subject, I think what he's
asking for is not rate limiting, but making sure that all relayed mail is
sent "from" the mailbox assigned to the user who owns the credentials.
It's still unclear whether he means the envelope sender (MAIL FROM:
argument) or one of the headers.
That would make it obvious whose credentials have been stolen when the
spam complaints roll in. It also makes credentials stolen from his users
a tiny bit less valuable to the bad guys.
That's a reasonable thing to do, and it is done in the ACL. However, we
can't just give him a code snippet to insert, because the needed coding
depends very much on the way his user database is organized.
