Hello group,
I'm looking for an example for how to cure this problem.
Every now and then, a user will give his password to a bad actor (Social
Engineering). That bad person then goes to my webmail interface and
sends out a lot of SPAM e-mail - which goes to my port 587 (only) Exim
(version 4.94).
The mail server then gets black-listed :-(
Of course - then everyone suffers.
All my users' details are in a MySQL Database. Ideally - I could change
their status to "disabled" - but still need to handle the SPAM being
sent out from their account details. Perhaps I'd lookup the
"X-Originating-IP" and if there - not do a delivery?
What are the "Best Practices" with handling this?
An example of a "bad" email (the H file) might look like... (as
untouched as possible)
1jX2Tv-00A32n-Ka-H
mail 8 12
<mothapom@???>
1588942319 2
-received_time_usec .638108
-helo_name webmail.vweb.co.za
-host_address 2001:42a0::5.36176
-interface_address 2001:42a0::71.587
-received_protocol esmtps
-body_linecount 48
-max_received_linelength 74
-frozen 1589015756
-tls_cipher TLSv1.3:TLS_AES_256_GCM_SHA384:256
-tls_sni relay.vweb.co.za
-tls_ourcert -----BEGIN CERTIFICATE-----\nMIIGaTCCBVGgAwIBAgISAw6 [Lots
deleted] 4isptageh9BnUwAwJw==\n-----END CERTIFICATE-----\n
YY wryer@???
YY wrongdoer@???
YY wristwatch@???
[20+ lines deleted]
NN yards@???
NN yawn@???
50
wrinkle@???
wrinkling@???
[20+ lines deleted]
swarthy@???
swathes@???
255P Received: from [2001:42a0::5] (port=36176 helo=webmail.vweb.co.za)
by relay.vweb.co.za with esmtps
(TLSv1.3:TLS_AES_256_GCM_SHA384:256)
(Exim 4.92.2)
(envelope-from <mothapom@???>)
id 1jX2Tv-00A32n-Ka; Fri, 08 May 2020 14:51:59 +0200
018 Mime-Version: 1.0
038 Date: Fri, 08 May 2020 12:52:10 +0000
087 Content-Type: multipart/alternative;
boundary="--=_RainLoop_183_170848428.1588942330"
026 X-Mailer: RainLoop/1.11.3
057F From: "Mrs. Agnes Adams" <mothapom@???>
068I Message-ID: <f48e1f3d5cf34a6e7f03fe0d1b6487a8@???>
030R Reply-To: jm4065278@???
012 Subject: HI
034 X-Originating-IP: 197.220.169.156
--
Mark James ELKINS - Posix Systems - (South) Africa
mje@??? Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA:
https://ftth.posix.co.za
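The two controls the post reaches for (refuse submissions from an account flagged "disabled" in MySQL, and stop one stolen password from flooding the queue) as an added Exim ACL example; this is not code from the original post. It assumes a `users` table with `email` and `status` columns, that the authenticator sets `server_set_id` to the user's e-mail address (so it appears in `$authenticated_id`), and a placeholder database password.

```exim
# Added example, not from the original post. Exim 4.9x ACL fragments that
# (a) reject submissions from accounts flagged 'disabled' in MySQL and
# (b) cap how many messages one authenticated account may submit per hour.
# Table/column names and the DB credentials are assumed placeholders.

# ---- main configuration section ----
hide mysql_servers = localhost/maildb/eximuser/PASSWORD-PLACEHOLDER
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # (a) Account disabled in the users table: refuse at MAIL FROM, before any
  # recipients or data are accepted. quote_mysql escapes the login name so
  # the lookup is safe against SQL injection via a crafted username.
  deny  authenticated = *
        condition     = ${if eq{${lookup mysql{SELECT status FROM users \
                          WHERE email='${quote_mysql:$authenticated_id}'}\
                          {$value}{unknown}}}{disabled}}
        log_message   = submission refused: $authenticated_id is disabled \
                        (client $sender_host_address)
        message       = 550 5.7.1 Account disabled; contact your administrator

  # (b) Per-account rate limit: 50 messages per hour, keyed on the login,
  # not the client IP (webmail submissions all share the webmail host's IP).
  # Exceeding it returns a temporary error and logs the measured rate, which
  # is a usable detection signal for a compromised account.
  defer authenticated = *
        ratelimit     = 50 / 1h / per_mail / $authenticated_id
        log_message   = rate limit exceeded: $authenticated_id \
                        $sender_rate msgs/$sender_rate_period
        message       = 451 4.7.1 Too many messages submitted; try again later

  accept
```

Setting `status` to `disabled` then takes effect on the next MAIL command rather than only at the next login, and the `log_message` lines give you something to alert on in the main log.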