Re: [exim] New compromise...?

Pàgina inicial
Aquest missatge és part del següent fil:
M---+\l'arbre de fils complet ordenat per data
M--\MMHeiko Schlittermann en <-
M+\MSebastian Nielsen en ->
Delete this message
Reply to this message
Autor: Cyborg
Data:  
A: exim-users
Assumpte: Re: [exim] New compromise...?
Am 25.09.19 um 11:21 schrieb Heiko Schlittermann via Exim-users:
>
> In MAIL ACL (or later) you can block messages from authenticated users
> if authenticated ID does not match the sender address, or you can
> ratelimit on the authenticated ID
>

ehm.. we are talking about a hacked mail account, not legimit users
sending too much mail.
The main goal needs to stop those attackers from abusing the system at all.

So, besides strict "from:" checks, i suggest to implement a database
check for last sending ips.
If you find too much entries in that database, you can reject those
mails and execute a script to disable the account.

@Mark & Heiko:

Thanks for the problem, I had a brilliant idea how to improve my exim
setup :D

best regards,
Marius

Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] New compromise...?Re: [exim] New compromise...?->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)