Author: Cyborg Date: To: exim-users Subject: Re: [exim] New compromise...?
On 25.09.19 at 21:50, Sebastian Nielsen via Exim-users wrote:
> Sebastian Nielsen via Exim-users <exim-users@???> (Wed 25 Sep 2019 05:49:26 EDT):
>> Another way to deal with compromises is to IP-restrict the user accounts so they can only log in from where they are supposed to log in from.
>> If ALL of your users "belong" to the same country - for example if it's a company-internal email server, I would suggest setting auth_advertise_hosts to a list of CIDR ranges that your country, or even better, your company, uses.

If you do this, you will never know that the account got compromised.
The attackers can use the stolen creds to read all the user mails.
By detecting and disabling the compromised account, you can stop the
outbreak and inform your user about his hacked device.
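
The detection step this reply argues for can be sketched as a scan of the Exim main log for authenticated submissions, flagging accounts that send from unusually many source addresses or send unusually many messages within one hour. This is an added example, not code from the thread; the log lines are constructed, and the function name and thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog style (not real traffic).
SAMPLE_LOG = """\
2019-09-25 21:40:01 1iDAAA-0000aa-01 <= alice@example.org H=(pc1) [192.0.2.10] P=esmtpsa A=plain:alice S=1200
2019-09-25 21:41:10 1iDAAB-0000ab-02 <= bob@example.org H=(x) [198.51.100.7] P=esmtpsa A=plain:bob S=900
2019-09-25 21:41:12 1iDAAB-0000ab-02 => rcpt@example.net R=dnslookup T=remote_smtp
2019-09-25 21:43:55 1iDAAC-0000ac-03 <= bob@example.org H=(y) [203.0.113.20]:4711 P=esmtpsa A=plain:bob S=950
2019-09-25 21:44:02 1iDAAD-0000ad-04 <= spam@example.net H=(mx) [203.0.113.9] P=esmtp S=500
2019-09-25 21:47:30 1iDAAE-0000ae-05 <= bob@example.org H=(z) [203.0.113.99] P=esmtpsa A=plain:bob S=910
2019-09-25 21:52:18 1iDAAF-0000af-06 <= alice@example.org H=(pc1) [192.0.2.10] P=esmtpsa A=plain:alice S=1300
"""

# Message arrival ("<=") carrying an A=<authenticator>:<authenticated id> field.
ARRIVAL = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ <= \S+ .*?\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*? A=[^:\s]+:(?P<user>\S+)"
)

def suspicious_accounts(log_text, max_ips=2, max_msgs=20):
    """Return sorted (user, hour, distinct_ips, messages) tuples over threshold."""
    ips = defaultdict(set)
    msgs = defaultdict(int)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries and unauthenticated arrivals are ignored
        key = (m["user"], m["ts"][:13])  # bucket per user and hour
        ips[key].add(m["ip"])
        msgs[key] += 1
    return sorted(
        (user, hour, len(ips[(user, hour)]), count)
        for (user, hour), count in msgs.items()
        if len(ips[(user, hour)]) > max_ips or count > max_msgs
    )

if __name__ == "__main__":
    for user, hour, n_ips, n_msgs in suspicious_accounts(SAMPLE_LOG):
        print(f"{user}: {n_msgs} messages from {n_ips} source IPs in hour {hour}")
```
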