Re: [exim] Better way to deal with phished users?

Author: Niels Dettenbach
Date:  
To: Niels Kobschätzki
CC: exim-users
Subject: Re: [exim] Better way to deal with phished users?
On Monday, 5 July 2021, 13:19:45 CEST, Niels Kobschätzki wrote:
> The moment I identify them I lock them out of the system, remove all their
> mails in the queues and they have to reset their password before they can
> do anything again. The problem is the identification because you usually
> get to know it only when the accounts are actively misused. If I get to
> know that users were specifically targeted I inform them. And at 2am in
> the night it might already be too late (you landed yourself on blacklists)
> - even though you still kick them from the system.


...besides Exim's "ratelimiting" (which just lowers the impact at the cost
of all users) - is there any way to monitor the webmail webserver or
application logs from your webmail system (most known webmail solutions
do/allow some way to log with "username")? If someone sends out hundreds of
mails per hour via webmail, this is probably bot behaviour (fail2ban or
similar tools may then help to react with "some command")...

just as an idea...


niels.


--
---
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---
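
The per-username log monitoring suggested in this reply, sketched as an added example that is not part of the original message: it counts recipients per webmail user in a sliding one-hour window and reports the first moment an account crosses a limit. The log line format, the `limit` of 200 and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (constructed for this example); adapt the regex
# to whatever your webmail application actually writes.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"webmail: send user=(?P<user>\S+) rcpts=(?P<rcpts>\d+)$"
)

def find_bulk_senders(lines, limit=200, window=timedelta(hours=1)):
    """Map each user to the first time they exceeded `limit` recipients
    within any sliding `window`."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, rcpts)
    totals = defaultdict(int)     # user -> recipients inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore unrelated or malformed lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        user, rcpts = m["user"], int(m["rcpts"])
        q = recent[user]
        q.append((ts, rcpts))
        totals[user] += rcpts
        # Drop events that have fallen out of the window
        while q and ts - q[0][0] >= window:
            totals[user] -= q.popleft()[1]
        if totals[user] > limit and user not in flagged:
            flagged[user] = ts
    return flagged

def sample_log():
    """Constructed sample: alice sends normally, bob's account bursts at 02:00."""
    base = datetime(2021, 7, 5, 1, 0, 0)
    out = []
    for i in range(5):   # alice: 5 mails, one recipient each, 10 min apart
        t = base + timedelta(minutes=10 * i)
        out.append(f"{t.isoformat()} webmail: send user=alice rcpts=1")
    for i in range(30):  # bob: 30 mails x 10 recipients, 20 s apart
        t = datetime(2021, 7, 5, 2, 0, 0) + timedelta(seconds=20 * i)
        out.append(f"{t.isoformat()} webmail: send user=bob rcpts=10")
    out.append("2021-07-05T02:11:00 webmail: login user=carol")  # non-send line
    return out

if __name__ == "__main__":
    for user, ts in find_bulk_senders(sample_log()).items():
        print(f"{ts.isoformat()} bulk sending from webmail account {user}")
```

Counting recipients rather than messages also catches a single submission addressed to a long recipient list; the reported username is what a lock-out or queue-cleanup command would act on.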