For webmail just force TOTP. Solves all problems except users that are abusive themselves.
-------- Originalmeddelande --------Från: Niels Dettenbach via Exim-users <exim-users@???> Datum: 2021-07-05 13:40 (GMT+01:00) Till: Niels Kobschätzki <niels@???> Kopia: exim-users@??? Ämne: Re: [exim] Better way to deal with phished users? Am Montag, 5. Juli 2021, 13:19:45 CEST schrieb Niels Kobschätzki:> The moment I identify them I lock them out of the system, remove all their> mails in the queues and they have to reset their password before they can> do anything again. The problem is the identification because you usually> get to know it only, when the accounts are actively misused. If I get to> know that users where specifically targeted I inform them. And at 2am in> the night it might already be too late (you landed yourself on blacklists)> - even though you still kick them from the system....beside exims "ratelimiting" (which is just lowering the impact at the cost of all users) - is there any way to monitor the webmail webserver or application logs from your webmail system (most known webmail solutions do/allow some way to log with "username")? If someone sends out hundreds of mails per hour per webmail, this is probably bot behaviour (fail2ban or similiat tools may help then reacting with "some command")...just as an idea...niels.-- --- Niels Dettenbach Syndicat IT & Internet
https://www.syndicat.com PGP:
https://syndicat.com/pub_key.asc --- -- ## List details at
https://lists.exim.org/mailman/listinfo/exim-users## Exim details at
http://www.exim.org/## Please use the Wiki with this list -
http://wiki.exim.org/