Jethro,

>> Regardless of any technical answers, is it too obvious to suggest:
>>  o/ change the password on the account
>>  o/ suspend the account
>>  o/ don't provide service to bad people

This is a brilliant idea. Do you mind if I pipe our Exim mainlog file to your terminal so you can spot these users right in time and alert me to suspend their accounts?

Any complaints raised through the postmaster account and the like are usually way too late, as professional spammers will have abused the account to send tens of thousands of mails before the first people complain. Don't forget about time zones here!

I should explain what spamGuard does: It basically monitors the log file every five minutes and counts how many emails a user has sent. If this goes over a certain threshold (say 20 emails in a five minute interval) that user will end up on a throttling list, meaning any further emails will be delayed. If he hits the next threshold the user will get temporarily suspended and the admin alerted via email to take care. Which usually means: Talk to the user, find out if this is due to a virus infection or if the user really is a bad guy.

The rationale is: A spammer will have a hard time sending more than a couple of dozens of mails before he will automatically be stopped, and this without any human intervention. On the other hand, hardly any "normal" user will have to send more than 20 mails every five minutes, will he?

For mailing lists and special users there is a whitelist of privileged accounts which do not fall under these limits.

So let me ask my original question in a different way: How would I implement such a mechanism with Exim?

Regards,
Torsten

> On Wed, 11 May 2005 [EMAIL PROTECTED] wrote:
>
>> I don't need SpamAssassin, at least not here, because the problem is not preventing incoming spam from reaching our users' mailboxes but unfortunately we have issues with users that have an account and are properly logged in sending out spam.
>>
>> This might be both because
>>
>> - they are bad people or
>> - either someone has hacked their account and is abusing it or there is malware (worm, virus, ...) on a PC that has a proper SMTP AUTH connection to our server
>
> Regardless of any technical answers, is it too obvious to suggest:
>
>  o/ change the password on the account
>  o/ suspend the account
>  o/ don't provide service to bad people
>
> ?
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
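
The per-user counting scheme described in the message above, as an added example that is not part of the original post and is neither spamGuard's nor Exim's own code. It assumes the authenticated id appears in the `A=<authenticator>:<id>` field of Exim's `<=` arrival lines (which needs `server_set_id` on the authenticator); the second threshold of 50, the `listadmin` whitelist entry and all log lines are constructed for the demonstration.

```python
import re
from collections import Counter
from datetime import datetime

THROTTLE_AT = 20           # first threshold, from the message
SUSPEND_AT = 50            # assumed: the message gives no number for the second threshold
WHITELIST = {"listadmin"}  # hypothetical privileged account

# Arrival line ("<=") with the SMTP AUTH id in Exim's A=<authenticator>:<id> field.
ARRIVAL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d):\d\d \S+ <= .*\sA=[^:\s]+:(\S+)")

def classify(lines):
    """Map (window_start, user) -> 'throttle' or 'suspend' for senders over a threshold."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if not m or m.group(2) in WHITELIST:
            continue  # not an authenticated arrival, or a whitelisted account
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        window = ts.replace(minute=ts.minute - ts.minute % 5)  # five-minute bucket
        counts[(window.strftime("%Y-%m-%d %H:%M"), m.group(2))] += 1
    actions = {}
    for key, n in counts.items():
        if n > SUSPEND_AT:
            actions[key] = "suspend"   # this is where the admin would be alerted
        elif n > THROTTLE_AT:
            actions[key] = "throttle"  # further mail from this user gets delayed
    return actions

def sample_log():
    """Constructed log lines for the demo, not real data."""
    def burst(start_min, count, user):
        for i in range(count):
            yield (f"2005-05-11 10:{start_min + i % 300 // 60:02d}:{i % 60:02d} "
                   f"1DV{i % 1000:03d}-0000aa-00 <= {user}@example.org "
                   f"H=(pc) [192.0.2.7] P=esmtpa A=plain:{user} S=2048")
    lines = [*burst(0, 3, "alice"), *burst(0, 25, "mallory"),
             *burst(5, 60, "mallory"), *burst(0, 100, "listadmin")]
    # A delivery line ("=>"), which must not be counted as a submission.
    lines.append("2005-05-11 10:01:00 1DV000-0000aa-00 => bob@example.net "
                 "R=dnslookup T=remote_smtp")
    return lines

if __name__ == "__main__":
    for (window, user), action in sorted(classify(sample_log()).items()):
        print(window, user, action)
```
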
