On Tue, 19 Feb 2019, Mark Elkins via Exim-users wrote:
> I run a "relay" server for my e-mail clients - so they can send out e-mail
> from any network they are connected to (so useful for travelling laptops).
> This machine runs only on port 587, uses authentication (same password as for
> their POP3/IMAP account) - etc etc.
>
> Some nefarious people are continuously trying to discover valid username and
> password combos. Once they do - they flood that account with SPAM. Much
> bounces back to my clients - whom after a few days tell me (delayed due to
> embarrassment?) Often, these "scans" are being done in what looks like quite
> a random way, from multiple IP addresses and reasonably infrequently - say
> once a minute.
If you don't already, run a spamchecker on your outgoing email.
Even at once a minute your can rate-limit; I doubt that many of your
clients send 5 emails in 10 minutes, so you can use exim's rate-limiting
here. You can limit the number of recipients too.
--
Andrew C. Aitchison Cambridge, UK
andrew@???