Re: [exim] Dealing with Authenticated SMTP spam

Top Page
This message is part of the following thread:
M+-++++\the complete thread tree sorted by date
MM\MMMMMPaul Warren at <-
MMMMMMJasen Betts at ->
Delete this message
Reply to this message
Author: Paul Warren
Date:  
To: exim-users
Subject: Re: [exim] Dealing with Authenticated SMTP spam
On 27/05/2014 19:29, Jeremy Harris wrote:
> On 27/05/14 19:03, Paul Warren wrote:
>> We're seeing a growing problem of spam being sent through our servers
>> using compromised authenticated SMTP credentials.
> [...]
>> We're currently considering rate-limiting, or trying to detect where a
>> single user is using multiple IPs in quick succession.
>
> Do you get undeliverables? Bounces? Monitor the rate.

Yes - we'll look at the posted approach for doing just that.

> Do they send with multiple envelope-from addresses from the one
> account? Monitor that rate.

On the last few that we've seen, no, they seem to consistently use the
SMTP username as the envelope-from.

Paul

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Dealing with Authenticated SMTP spam[exim] Exim 4.82.1 Security Release->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)