And of course add:
auth_advertise_hosts = <colon-separated list of networks your clients come from>
If you have a common ISP that your clients use (for example a corporate mobile ISP), add the CIDR of that operator's ASN.
Thus you limit the attack surface, since bots will not go and guess passwords.
-----Ursprungligt meddelande-----
Från: Slavko via Exim-users <exim-users@???>
Skickat: den 25 februari 2022 15:48
Till: exim-users@???
Ämne: Re: [exim] Hit with some kind of hidden multiple recipients relay hack?
Ahoj,
Dňa Fri, 25 Feb 2022 13:18:27 +0100 Cyborg via Exim-users <exim-users@???> napísal:
> acl_check_data:
>
> deny condition = ${if eq{$authenticated_id}{} {1}{0}}
> domains = ! +local_domains
>
will not be better to do this check in RCPT ACL and simplify it as this (eventualy add relayed domains):
deny !authenticated = *
!domains = +local_domains #: +relay_to_domains
regards
--
Slavko
https://www.slavino.sk
