Re: [exim] Better way to deal with phished users?

Author: Cyborg
To: Niels Kobschätzki
Cc: exim-users
Subject: Re: [exim] Better way to deal with phished users?
On 05.07.21 at 14:42, Niels Kobschätzki wrote:
>   I want to automate the acting upon it. This is about damage
> mitigation when the preventive measures didn’t help.

How about:

  driver = smtp
  .include_if_exists /etc/exim/ip.conf
  transport_filter = '/usr/local/sbin/' '$sender_host_address' '$authenticated_id'
  ... options ...
  tls_tempfail_tryclear = false

That transport filter can do anything you like, i.e. counting the number
of mails per timeframe per authid and block the IP,
disable the account, clear the message queue, and it can also technically
blank the actual message, so it's not spam anymore ;)

It's not what transport filters are normally used for, but I think it
would do the trick. All you need to make sure is that STDIN goes
untampered to STDOUT in case the message is fine. It may drop the
server performance a bit on high-traffic systems...

best regards,
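
A sketch of the kind of filter script described in the message above, as an added example that is not code from the poster or from Exim: it takes `$sender_host_address` and `$authenticated_id` as its two arguments, counts deliveries per authid in a sliding window, raises a syslog alert when the limit is exceeded, and always copies STDIN to STDOUT unchanged. The database path, window, limit and function names are assumptions; the blocking or account-disabling action is left to whatever consumes the alert.

```python
#!/usr/bin/env python3
"""Pass-through transport filter that counts mails per authenticated id."""
import shutil
import sqlite3
import sys
import syslog
import time

DB_PATH = "/var/spool/exim/authid_rate.db"  # assumed location, writable by exim
WINDOW = 600   # sliding window in seconds (assumed value)
LIMIT = 100    # deliveries allowed per authid per window (assumed value)


def record_and_check(db, authid, ip, now, window=WINDOW, limit=LIMIT):
    """Record one delivery; return True if authid is over limit in the window."""
    db.execute("CREATE TABLE IF NOT EXISTS sent (authid TEXT, ip TEXT, ts REAL)")
    db.execute("DELETE FROM sent WHERE ts < ?", (now - window,))
    db.execute("INSERT INTO sent VALUES (?, ?, ?)", (authid, ip, now))
    (count,) = db.execute(
        "SELECT COUNT(*) FROM sent WHERE authid = ?", (authid,)).fetchone()
    db.commit()
    return count > limit


def passthrough(src, dst):
    """Copy the message byte for byte so a clean mail is delivered untouched."""
    shutil.copyfileobj(src, dst)
    dst.flush()


def main(argv):
    ip, authid = (argv + ["", ""])[1:3]
    if authid:  # only authenticated submissions are counted
        try:
            db = sqlite3.connect(DB_PATH, timeout=5)
            if record_and_check(db, authid, ip, time.time()):
                syslog.syslog(syslog.LOG_WARNING,
                              f"ratefilter: {authid} from {ip} over limit")
            db.close()
        except sqlite3.Error as exc:  # fail open: never hold up mail on DB errors
            syslog.syslog(syslog.LOG_ERR, f"ratefilter: db error: {exc}")
    passthrough(sys.stdin.buffer, sys.stdout.buffer)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The filter runs once per delivery attempt, so the count is of deliveries rather than of accepted messages.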