Re: [exim] Dealing with Authenticated SMTP spam

Top Page
Delete this message
Reply to this message
Author: Ken Simpson
Date:  
To: Paul Warren
CC: exim-users@exim.org
Subject: Re: [exim] Dealing with Authenticated SMTP spam
Hi Paul,

This is a complex problem. How many users do you have in your system?


On Tue, May 27, 2014 at 11:03 AM, Paul Warren <pdw@???> wrote:

> We're seeing a growing problem of spam being sent through our servers
> using compromised authenticated SMTP credentials.
>
> We suspect that the credentials are being stolen using malware on the
> users' computers (over which we have no control).
>
> Obviously we block the accounts as quickly as possible once we become
> aware of the problem, but typically by this point we'll be on multiple
> blacklists.
>
> Does anyone have any suggestions for detecting and blocking, or at least
> limiting the impact of, such attacks?
>
> We're currently considering rate-limiting, or trying to detect where a
> single user is using multiple IPs in quick succession.
>
> thanks,
>
> Paul
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>




--
*Ken Simpson*, CEO
MailChannels

Tel: *604-685-7488*
www.mailchannels.com
twitter.com/ttul* | *ca.linkedin.com/in/ksimpson