[exim] Dealing with Authenticated SMTP spam

Top Page
This message is part of the following thread:
M+-++++\the complete thread tree sorted by date
MM\MMMMM 
MMMMMMKen Simpson at ->
Delete this message
Reply to this message
Author: Paul Warren
Date:  
To: exim-users
Subject: [exim] Dealing with Authenticated SMTP spam
We're seeing a growing problem of spam being sent through our servers
using compromised authenticated SMTP credentials.

We suspect that the credentials are being stolen using malware on the
users' computers (over which we have no control).

Obviously we block the accounts as quickly as possible once we become
aware of the problem, but typically by this point we'll be on multiple
blacklists.

Does anyone have any suggestions for detecting and blocking, or at least
limiting the impact of, such attacks?

We're currently considering rate-limiting, or trying to detect where a
single user is using multiple IPs in quick succession.

thanks,

Paul


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim 4.82, Amavis, XFORWARDRe: [exim] Dealing with Authenticated SMTP spam->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)