Re: [exim] Hit with some kind of hidden multiple recipient…

Top Page
Delete this message
Reply to this message
Author: Sebastian Nielsen
Date:  
To: 'Mailing List'
Subject: Re: [exim] Hit with some kind of hidden multiple recipients relay hack?
And of course add:

auth_advertise_hosts = <colon-separated list of networks your clients come from>

If you have a common ISP that your clients use (for example a corporate mobile ISP), add the CIDR of that operator's ASN.
Thus you limit the attack surface, since bots will not go and guess passwords.

-----Ursprungligt meddelande-----
Från: Slavko via Exim-users <exim-users@???>
Skickat: den 25 februari 2022 15:48
Till: exim-users@???
Ämne: Re: [exim] Hit with some kind of hidden multiple recipients relay hack?

Ahoj,

Dňa Fri, 25 Feb 2022 13:18:27 +0100 Cyborg via Exim-users <exim-users@???> napísal:

> acl_check_data:
>
>    deny    condition  = ${if eq{$authenticated_id}{} {1}{0}}
>                domains = ! +local_domains

>


will not be better to do this check in RCPT ACL and simplify it as this (eventualy add relayed domains):

    deny  !authenticated = *
                !domains = +local_domains #: +relay_to_domains



regards

--
Slavko
https://www.slavino.sk