Re: [exim] New compromise...?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Heiko Schlittermann
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] New compromise...?
Sebastian Nielsen via Exim-users <exim-users@???> (Mi 25 Sep 2019 05:49:26 EDT):
> Another way to deal with compromises is to IP-restrict the user accounts so they can only login from where they are supposed to login from.
> If ALL of your users "belong" to the same country - for example i fits a company-internal email server, I would suggest set auth_advertise_hosts to a list of CIDR ranges that your country, or even better, your company, uses.


Maybe we use ratelimit to restrict the numbers of distinct
sender_host_addresses that are allowed to do (successful)
authentication.

The challenge will be to find the right balance between being too sloppy
and too strict.

(Think about a mobile device, reconnecting serveral times over the
course of a day)

    Best regards from Atlanta/GA
    Viele Grüße aus Atlanta/USA
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -