> From: "FABIO FERRARI"
> I have a problem about some users spreading their password to spammers.
> So I'm searching for a way to ban some authenticated users, or at least
> limit them to 1 message / hour with ratelimit.
>
> But I can't find how to do it, because the many discussions about this
> point to how to ban senders (that aren't usernames, but email address that
> can be spoofed) or hosts (spammers change them every miute).
Username is in $authenticated_id . How to ban abused usernames
authomatically:
https://github.com/Exim/exim/wiki/BlockCracking
> For example, is there a way to deny ldap authentication?
Yes, the code on the webpage linked above works with any type authentication.
> If I modify the
> 'server_condition' line in this stanza:
>
> login_server:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = ${if ldapauth \
> {user="uid=${quote_ldap_dn:$1},ou=people,dc=unimore,dc=it" \
> pass=${quote:$2} \
> ldaps:///}{yes}{no}}
> server_set_id = $1
>
> it will be reloaded at every login or only when exim starts?
The server_condition line is expanded at every login.
--
Lena
