Autor: Randy Bush Data: Dla: exim users Temat: [exim] detecting overly frequent smtp from real user
had a legit user user with weak password. someone cracked it and used
it to drive a lot of spam by smtping in with plain auth.
anyone have scripting to raise alerts if there is inbound smtp from a
legit user above some threshold?
i will also likely remove all user passwords from /etc/passwd (as shell
access is ssh key only anyway) and put passwords for legit smtpers into
`server_condition` in `authenticators`