Re: [exim] Dealing with Authenticated SMTP spam

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] Dealing with Authenticated SMTP spam
On Tue, May 27, 2014 at 07:03:23PM +0100, Paul Warren wrote:

> Does anyone have any suggestions for detecting and blocking, or at least
> limiting the impact of, such attacks?


On the Postfix-users list the answer would be rate-limiting all
users (even the not yet compromised accounts) so that once an
account is compromised the damage is limited and have time to
disable the account once the appropriate alerts are raised.

Since the problem is not especially MTA-specific, I would look for
a suitable rate limiting capability in Exim that restricts messages
per unit time for a given SASL login.

-- 
    Viktor.