Re: [exim] New compromise...?

Author: Sebastian Nielsen
Date:  
To: exim-users
Subject: Re: [exim] New compromise...?
Of course it's important to apply the same IP-based restriction on the
IMAP/POP3 server. But since exim4 isn't IMAP/POP3 it's a bit off topic for
this list.


-----Original Message-----
From: Exim-users <exim-users-bounces+sebastian=sebbe.eu@???> On Behalf Of Cyborg
via Exim-users
Sent: 26 September 2019 23:15
To: exim-users@???
Subject: Re: [exim] New compromise...?

On 25.09.19 at 21:50, Sebastian Nielsen via Exim-users wrote:
> Sebastian Nielsen via Exim-users <exim-users@???> (Wed 25 Sep 2019 05:49:26 EDT):
>> Another way to deal with compromises is to IP-restrict the user accounts
>> so they can only login from where they are supposed to login from.
>> If ALL of your users "belong" to the same country - for example if it's a
>> company-internal email server, I would suggest setting auth_advertise_hosts to a
>> list of CIDR ranges that your country, or even better, your company, uses.

If you do this, you will never know that the account got compromised.
The attackers can use the stolen creds to read all the user mails.

By detecting and disabling the compromised account, you can stop the
outbreak and inform your user about his hacked device.

best regards,
Marius
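
An added example, not part of the original thread: a Python sketch of the detection Marius describes, flagging authenticated submissions in an Exim main log whose source IP lies outside the CIDR ranges Sebastian would list in auth_advertise_hosts. The log lines, the networks and the name `unexpected_logins` are constructed for illustration; it assumes the default arrival-line layout with the peer address in brackets and an `A=<authenticator>:<id>` field.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed: networks users are expected to log in from (documentation ranges).
EXPECTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

# Arrival ("<=") line with an A= field. The peer IP is the bracketed value
# preceded by whitespace, so an address literal inside the client-chosen
# HELO, e.g. H=([192.0.2.1]), is never mistaken for the real source.
ARRIVAL = re.compile(
    r" <= \S+ .*?\s\[(?P<ip>[0-9A-Fa-f.:]+)\].*? A=[^:\s]+:(?P<user>\S+)"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
2019-09-25 09:00:01 1iD0aa-0001Xy-2B <= alice@example.org H=(pc1) [192.0.2.10] P=esmtpsa A=plain_login:alice S=1200
2019-09-25 09:05:12 1iD0ab-0001Xz-3C <= bob@example.org H=(laptop) [198.51.100.7] P=esmtpsa A=plain_login:bob S=900
2019-09-25 09:05:40 1iD0ac-0001Y0-4D <= bob@example.org H=([192.0.2.1]) [203.0.113.99] P=esmtpsa A=plain_login:bob S=910
2019-09-25 09:06:00 1iD0ad-0001Y1-5E <= carol@example.net H=mx.example.net [203.0.113.5] P=esmtps S=3000
2019-09-25 09:07:00 1iD0ae-0001Y2-6F <= alice@example.org H=(phone) [2001:db8::42] P=esmtpsa A=plain_login:alice S=700
"""

def unexpected_logins(log_text, nets=EXPECTED_NETS):
    """Return {user: sorted source IPs seen outside the expected networks}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = ARRIVAL.search(line)
        if not m:
            continue  # not an authenticated arrival line
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # bracketed text that is not a valid address
        if not any(ip in net for net in nets):
            hits[m.group("user")].add(str(ip))
    return {user: sorted(ips) for user, ips in hits.items()}

if __name__ == "__main__":
    for user, ips in unexpected_logins(SAMPLE_LOG).items():
        print(f"{user}: authenticated from unexpected {', '.join(ips)}")
```

Run in report-only mode like this, the same CIDR list that would otherwise hide the AUTH offer instead surfaces the account to disable and the user to notify.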