Re: [exim] Better way to deal with phished users?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: Niels Kobschätzki
CC: exim-users
Betreff: Re: [exim] Better way to deal with phished users?
Am 05.07.21 um 14:42 schrieb Niels Kobschätzki:
>
>   I want to automate the acting upon it. This is about damage
> mitigation when the preventive measures didn’t help.
>


How about:

remote_smtp:
  driver = smtp
  .include_if_exists /etc/exim/ip.conf
  transport_filter = '/usr/local/sbin/count-script.pl'
'$sender_host_address' '$authenticated_id'
  ... options ...
  tls_tempfail_tryclear = false


that transport filter can so anything you like, i.e. counting the number
of mails per timeframe per authid and block the ip,
disable the account, clear the messagequeue and it also can technically,
blank the actual message, so it's not spam anymore ;)

It's not what transport filters are used for normally, but i think, it
would do the trick. All you need to make sure is, that STDIN goes
untampered to STDOUT, in case the message is fine. It may drop the
server performance a bit on high traffic systems...

best regards,
Marius