On 06/03/14 11:01, FABIO FERRARI wrote:
> Hello,
>
> I have a problem about some users spreading their password to spammers.
> So I'm searching for a way to ban some authenticated users, or at least
> limit them to 1 message / hour with ratelimit.
>
> But I can't find how to do it, because the many discussions about this
> point to how to ban senders (that aren't usernames, but email address that
> can be spoofed) or hosts (spammers change them every miute).
>
> For example, is there a way to deny ldap authentication? If I modify the
> 'server_condition' line in this stanza:
>
> login_server:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = ${if ldapauth \
> {user="uid=${quote_ldap_dn:$1},ou=people,dc=unimore,dc=it" \
> pass=${quote:$2} \
> ldaps:///}{yes}{no}}
> server_set_id = $1
>
> it will be reloaded at every login or only when exim starts?
Stuff that's in the config is loaded when you tell exim to
reload (or restart). Stuff that's in a file, DB or service
interrogated thanks to stuff in the config, however, is
looked-up anew any time it's needed.
>
> Or is there a way to set a ratelimit for some users, and a ratelimit for
> some other?
Sure. If you need to get complicated, call an auth ACL. See the
docs on authentication...
--
Cheers,
Jeremy
