> From: Sebastian Nielsen
> I would suggest using an config that restricts authenticated users to
> a specific IP range. Then no bots from china can successfully guess a
> account.
I restrict authenticated users to a non-standard port (neither 25, 465 nor 587):
daemon_smtp_ports = 25 : 1234
accept authenticated = *
condition = ${if !={$received_port}{25}}
control = submission/domain=
If bots aren't blocked, they waste connection time and RAM, in effect like DoS.
This
https://github.com/Exim/exim/wiki/BlockCracking blocks bots from both
wasting resources and spamming.
> That will prevent accounts from being hacked and used in spamming
Passwords mostly are stolen with Windows malware or phishing.
