Autor: Cyborg Datum: To: exim-users Betreff: Re: [exim] New compromise...?
Am 25.09.19 um 11:49 schrieb Sebastian Nielsen via Exim-users: > Another way to deal with compromises is to IP-restrict the user accounts so they can only login from where they are supposed to login from.
> If ALL of your users "belong" to the same country - for example i fits a company-internal email server, I would suggest set auth_advertise_hosts to a list of CIDR ranges that your country, or even better, your company, uses.
>
In theory: yes, good suggestion. if the corp has it's own network, fine,
works as expected.
coming from the practical side: does not work in modern dsl/cable/mobile
networks anymore.
Q: Providerexample: If you are the unlucky customer of 1&1 in Germany,
you have no idea in which city our dsl connection enteres the inet
today. How do you know this in advance?
A: you can't. You would need all the networks your provider offers and
trust me, they won't give it to you when you ask, because they completly
lost the overview about them themselfs :D
Q: spam bots are common desktop pc, android botphones, which are using
the same networks, as you do. How do you decide if it's you or a
botnetmember, if it's in the same or near network?
A: You can't. Thats what you passwort is for. As someone dealing with
hacks and botnetlists, there is always one pc/phone hacked, which is in
the same consumer network as the real user is. Thats mainly, because
botnets work globally and hack the easiest devices a mas : IoT, Desktop,
DSL/Cablemodems and Phone and where do you find those? In the same
network your Phone or Modem resides in ;)
Conclusion:
Forget it. Your digital neighbour is your enemy, don't trust him.
Whitelisting whole networks works only in special, well defined cases.