> From: Yves Goergen
> Recently somebody misused one of the accounts on my mail server to send
> out large amounts of spam. Reading the logs, it came all from a single
> IP address, in a single SMTP connection.
>
> I found the following log line:
>
> no immediate delivery: more than 10 messages received in one connection
> The queue had over 300,000 files when I had to apply some black magic to
> delete it completely.
If you had used
https://github.com/Exim/exim/wiki/BlockCracking ,
less than hundred spam messages would have been queued,
then abused username+password would have been automatically disabled,
next spams not accepted.
> The user's inbox had over 20,000 error messages
It'd have 100 error messages (or less if multiple recipients per spam message).
> I don't want to
> face that situation ever again even if an account is misused.
Did you hear of the page linked above?
What do you think should be done for its promotion?
