[exim] Dealing with Authenticated SMTP spam

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M+-++++\Der komplette Thread sortiert nach Datum
MM\MMMMM 
MMMMMMKen Simpson am ->
Nachricht löschen
Nachricht beantworten
Autor: Paul Warren
Datum:  
To: exim-users
Betreff: [exim] Dealing with Authenticated SMTP spam
We're seeing a growing problem of spam being sent through our servers
using compromised authenticated SMTP credentials.

We suspect that the credentials are being stolen using malware on the
users' computers (over which we have no control).

Obviously we block the accounts as quickly as possible once we become
aware of the problem, but typically by this point we'll be on multiple
blacklists.

Does anyone have any suggestions for detecting and blocking, or at least
limiting the impact of, such attacks?

We're currently considering rate-limiting, or trying to detect where a
single user is using multiple IPs in quick succession.

thanks,

Paul


Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] Exim 4.82, Amavis, XFORWARDRe: [exim] Dealing with Authenticated SMTP spam->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)