Hi Paul,
This is a complex problem. How many users do you have in your system?
On Tue, May 27, 2014 at 11:03 AM, Paul Warren <pdw@???> wrote:
> We're seeing a growing problem of spam being sent through our servers
> using compromised authenticated SMTP credentials.
>
> We suspect that the credentials are being stolen using malware on the
> users' computers (over which we have no control).
>
> Obviously we block the accounts as quickly as possible once we become
> aware of the problem, but typically by this point we'll be on multiple
> blacklists.
>
> Does anyone have any suggestions for detecting and blocking, or at least
> limiting the impact of, such attacks?
>
> We're currently considering rate-limiting, or trying to detect where a
> single user is using multiple IPs in quick succession.
>
> thanks,
>
> Paul
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
--
*Ken Simpson*, CEO
MailChannels
Tel: *604-685-7488*
www.mailchannels.com
twitter.com/ttul* | *ca.linkedin.com/in/ksimpson
