Auteur: Cyborg Date: À: Niels Kobschätzki CC: exim-users Sujet: Re: [exim] Better way to deal with phished users?
Am 05.07.21 um 14:42 schrieb Niels Kobschätzki: >
> I want to automate the acting upon it. This is about damage
> mitigation when the preventive measures didn’t help.
>
that transport filter can so anything you like, i.e. counting the number
of mails per timeframe per authid and block the ip,
disable the account, clear the messagequeue and it also can technically,
blank the actual message, so it's not spam anymore ;)
It's not what transport filters are used for normally, but i think, it
would do the trick. All you need to make sure is, that STDIN goes
untampered to STDOUT, in case the message is fine. It may drop the
server performance a bit on high traffic systems...