2012/12/11 <[email protected]>: > Use this instead: http://github.com/Exim/exim/wiki/BlockCracking > and after some time tell us whether it in practice solved the problem with > stolen passwords. >
I think such system (BlockCracking) would produce much false positives in my enviroment. Many of my users have their own mailing dabases and many address-es there might be non-existent. I think it is much simpler to tell smtp user to use only his own adress in From header than tell him not to send to much emails to non existing accounts. But it is nice to know that such idea exists. I think this could work well on servers that are supposed not to be used for mailing at all (legitimate or not) - not mine servers unfortunately :( Besides it is purely anti abuse system, but does not block from header "spoofing" from smtp auth user (with possible trusted users list - build maybe in 2opt-in like gmail) > Some honest users need to send messages with From not equal to > smtp auth username. For example [email protected] or [email protected] > Such services forward incoming mail > but don't offer their own relays for outgoing mail. If some server don't want to provide his smtp (so he can't have problems with service abuse) does not exacly mean that I sould open such possibility to my all users, even those that did not asked for it. I think spamers use this functionality much much often than legitimate users (which you sould be able to whitelist on demand) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
