Author: Paul Warren
Date:
To: exim-users
Subject: Re: [exim] Dealing with Authenticated SMTP spam
On 27/05/2014 19:29, Jeremy Harris wrote:
> On 27/05/14 19:03, Paul Warren wrote:
>> We're seeing a growing problem of spam being sent through our servers
>> using compromised authenticated SMTP credentials.
> [...]
>> We're currently considering rate-limiting, or trying to detect where a
>> single user is using multiple IPs in quick succession.
>
> Do you get undeliverables? Bounces? Monitor the rate.
Yes - we'll look at the posted approach for doing just that.
> Do they send with multiple envelope-from addresses from the one
> account? Monitor that rate.
On the last few that we've seen, no, they seem to consistently use the
SMTP username as the envelope-from.
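
The multi-IP check discussed above (one authenticated user appearing from several IPs in quick succession), as an added example that is not part of the original thread: it scans Exim main-log arrival (`<=`) lines and flags accounts seen from too many addresses inside a sliding window. The sample log lines, the 10-minute window and the 2-IP threshold are constructed assumptions, and the regex assumes the `A=authenticator:id` field is logged.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Exim mainlog style (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2014-05-27 08:00:00 1WpK00-0000aa-00 <= carol@example.org H=(pc) [192.0.2.1] P=esmtpsa A=plain:carol@example.org S=800
2014-05-27 12:00:00 1WpK00-0000aa-01 <= carol@example.org H=(pc) [192.0.2.2] P=esmtpsa A=plain:carol@example.org S=810
2014-05-27 18:00:00 1WpK00-0000aa-02 <= carol@example.org H=(pc) [192.0.2.3] P=esmtpsa A=plain:carol@example.org S=790
2014-05-27 19:00:01 1WpK00-0000aa-03 <= alice@example.org H=(pc) [192.0.2.10] P=esmtpsa A=plain:alice@example.org S=1200
2014-05-27 19:01:00 1WpK00-0000aa-04 <= bob@example.org H=(x) [198.51.100.7] P=esmtpsa A=plain:bob@example.org S=900
2014-05-27 19:01:30 1WpK00-0000aa-05 <= alice@example.org H=(pc) [192.0.2.10] P=esmtpsa A=plain:alice@example.org S=1100
2014-05-27 19:02:30 1WpK00-0000aa-06 <= bob@example.org H=(y) [203.0.113.9] P=esmtpsa A=plain:bob@example.org S=905
2014-05-27 19:04:10 1WpK00-0000aa-07 <= bob@example.org H=(z) [192.0.2.44] P=esmtpsa A=plain:bob@example.org S=910
2014-05-27 19:04:11 1WpK00-0000aa-07 => someone@example.net R=dnslookup T=remote_smtp
"""

# timestamp, envelope-from, first bracketed host address, authenticated id
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= (\S+) "
    r".*?\[([0-9A-Fa-f.:]+)\].*? A=[^:\s]+:(\S+)"
)

def parse(line):
    """Return (time, envelope_from, ip, auth_id) for an authenticated arrival, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, env_from, ip, auth_id = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), env_from, ip, auth_id

def multi_ip_accounts(log_text, window=timedelta(minutes=10), max_ips=2):
    """Map auth_id -> IPs for accounts seen from more than max_ips IPs within window.

    Assumes each account's lines are in chronological order, as in a mainlog.
    """
    recent = defaultdict(deque)   # auth_id -> (time, ip) pairs still inside the window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue              # delivery lines, unauthenticated mail, etc.
        ts, _env_from, ip, auth_id = rec
        seen = recent[auth_id]
        seen.append((ts, ip))
        while ts - seen[0][0] > window:
            seen.popleft()        # drop arrivals older than the window
        ips = {addr for _, addr in seen}
        if len(ips) > max_ips:
            flagged.setdefault(auth_id, set()).update(ips)
    return flagged
```
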