Re: [exim] New compromise...?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MViktor Dukhovni at <-
MSebastian Nielsen at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] New compromise...?
Am 25.09.19 um 21:50 schrieb Sebastian Nielsen via Exim-users:
> Sebastian Nielsen via Exim-users <exim-users@???> (Mi 25 Sep 2019 05:49:26 EDT):
>> Another way to deal with compromises is to IP-restrict the user accounts so they can only login from where they are supposed to login from.
>> If ALL of your users "belong" to the same country - for example i fits a company-internal email server, I would suggest set auth_advertise_hosts to a list of CIDR ranges that your country, or even better, your company, uses.
If you do this, you will never know, that the account got compromised.
The attackers can use the stolen creds to read all the user mails.

By detecting and disabling the compromised account, you can stop the
outbreak and inform your user about his hacked device.

best regards,
Marius
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] RFC: submission mode should strip BCC header?Re: [exim] New compromise...?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)