Re: [exim] identifying compromised accounts

Top Page
Delete this message
Reply to this message
Author: Ken Simpson
Date:  
To: Jeremy Harris
CC: exim-users@exim.org
Subject: Re: [exim] identifying compromised accounts
>
> >
> > I've been having issues with compromised accounts used to send spam via
> > authenticated connections to my servers. Don't ask me how those people
> > lost their passwords, but they did.
>
> You can play with ratelimit entries to spot an unusual increase in
> send rate, per account.
>
> You can watch for rate of rejects, rather than bounces (please don't
> say you accept-then-bounce!)
>
> You can charge your customers real money in cleanup fees.
>


These are great suggestions, but he's in a university environment and I
imagine nobody is going to be paying clean up fees. If he has a budget, he
might need to consider a commercial solution that applies more
sophistication to the detection of compromised accounts.

Regards,
Ken

--
*Ken Simpson*
CEO, MailChannels

Tel: +1 604 685 7488
www.mailchannels.com
Twitter <https://twitter.com/mailchannels> | LinkedIn
<http://www.linkedin.com/company/mailchannels>