Re: [exim] Dealing with Authenticated SMTP spam

Author: Paul Warren
Date:  
To: exim-users
Subject: Re: [exim] Dealing with Authenticated SMTP spam
On 27/05/2014 19:29, Jeremy Harris wrote:
> On 27/05/14 19:03, Paul Warren wrote:
>> We're seeing a growing problem of spam being sent through our servers
>> using compromised authenticated SMTP credentials.
> [...]
>> We're currently considering rate-limiting, or trying to detect where a
>> single user is using multiple IPs in quick succession.
>
> Do you get undeliverables? Bounces? Monitor the rate.


Yes - we'll look at the posted approach for doing just that.

> Do they send with multiple envelope-from addresses from the one
> account? Monitor that rate.


On the last few that we've seen, no, they seem to consistently use the
SMTP username as the envelope-from.

Paul
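
An added example, not part of the original message or of Exim itself: one way to detect the "single user using multiple IPs in quick succession" pattern mentioned above by scanning authenticated arrival lines in Exim's main log. The log lines are constructed, and the 10-minute window and the threshold of 2 addresses are assumed values to tune for a real site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Exim mainlog lines; users, hosts, IPs and message IDs are made up.
SAMPLE_LOG = """\
2014-05-27 09:00:00 1WpA00-0000aa-00 <= carol@example.org H=(home) [192.0.2.50] P=esmtpa A=plain:carol@example.org S=1500
2014-05-27 13:00:00 1WpA01-0000aa-00 <= carol@example.org H=(office) [192.0.2.60] P=esmtpa A=plain:carol@example.org S=1600
2014-05-27 17:00:00 1WpA02-0000aa-00 <= carol@example.org H=(phone) [192.0.2.70] P=esmtpa A=plain:carol@example.org S=1400
2014-05-27 18:50:00 1WpA03-0000aa-00 <= alice@example.org H=(pc) [192.0.2.10] P=esmtpa A=plain:alice@example.org S=2100
2014-05-27 18:55:00 1WpA04-0000aa-00 <= alice@example.org H=(pc) [192.0.2.10] P=esmtpa A=plain:alice@example.org S=1800
2014-05-27 19:00:05 1WpA05-0000aa-00 <= bob@example.org H=(x) [198.51.100.7] P=esmtpa A=login:bob@example.org S=900
2014-05-27 19:00:40 1WpA06-0000aa-00 <= bob@example.org H=(y) [203.0.113.21] P=esmtpa A=login:bob@example.org S=910
2014-05-27 19:01:15 1WpA07-0000aa-00 <= bob@example.org H=(z) [2001:db8::5] P=esmtpa A=login:bob@example.org S=905
2014-05-27 19:03:00 1WpA08-0000aa-00 <= list@example.net H=mx.example.net [192.0.2.200] P=esmtp S=4000
"""

# Arrival ("<=") lines that carry A=<authenticator>:<authenticated id>.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ <= (?P<sender>\S+) "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\].*? A=[^:\s]+:(?P<user>\S+)"
)

def flag_accounts(log_text, window=timedelta(minutes=10), max_ips=2):
    """Return {user: sorted IPs} for accounts seen from more than max_ips
    distinct client addresses inside any sliding time window."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, ip), oldest first
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unauthenticated arrival, delivery line, etc.
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:  # drop entries that fell out of the window
            q.popleft()
        ips = {ip for _, ip in q}
        if len(ips) > max_ips:
            flagged.setdefault(m["user"], set()).update(ips)
    return {user: sorted(ips) for user, ips in flagged.items()}

if __name__ == "__main__":
    for user, ips in flag_accounts(SAMPLE_LOG).items():
        print(f"{user}: {len(ips)} addresses within window: {', '.join(ips)}")
```

In the sample, carol also uses three addresses but hours apart, so only the short window separates her from the burst on bob's account.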