Re: [exim] New compromise...?

Pàgina inicial
Delete this message
Reply to this message
Autor: Cyborg
Data:  
A: exim-users
Assumpte: Re: [exim] New compromise...?
Am 25.09.19 um 11:21 schrieb Heiko Schlittermann via Exim-users:
>
> In MAIL ACL (or later) you can block messages from authenticated users
> if authenticated ID does not match the sender address, or you can
> ratelimit on the authenticated ID
>


ehm.. we are talking about a hacked mail account, not legimit users
sending too much mail.
The main goal needs to stop those attackers from abusing the system at all.

So, besides strict "from:" checks, i suggest to implement a database
check for last sending ips.
If you find too much entries in that database, you can reject those
mails and execute a script to disable the account.

@Mark & Heiko:

Thanks for the problem, I had a brilliant idea how to improve my exim
setup :D

best regards,
Marius