Am Montag, 5. Juli 2021, 09:04:16 CEST schrieb Niels Kobschätzki:
> On 5 Jul 2021, at 7:54, Niels Dettenbach via Exim-users wrote:
> Phished users are users from my mail system which are proven regular users
> who have their accounts for years and whose credentials got compromised
> and are now suddenly used for sending spam- or phishing mails from my mail
> system to other systems (and in that special case they are using the
> Webmail-interface to send out mails and thus they really look like normal
> users from the point of view of the mailing system).
>
> Thus I want to prevent sending out spam/scam mails from my system to others
> (yes I already have diverse counter-measures in place but for the kind
> mentioned above they all Gail and I have to intervene manually)
ouch,
ok.
From my view, the primary way is to force the users to set new credentials
(if you really mean access credentials - like passwords). As a network /
email operator on the internet, by "netiquette" it is your responsibility to
minimize / block abusive traffic from your systems.
At least some countries have regulations by law forcing you to do this (at
least if you "get aware of").
Until that you may strongly ratelimit or block such users (if you could
identify them and if it is possible with your contracts / policies) to avoid
harm to others and (not at least) your own email system (reputation etc.).
best regards,
niels.
--
---
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com
PGP:
https://syndicat.com/pub_key.asc
---