From the http://new-spam-l.com list:
> From: Alan Doherty > we use 3 factors for smtpa > > a username > b password > c is the envelope from one that the user has previously setup on our > systems > > if they fail c the email is rejected at rcpt-to > and the user is sent an email explaining why they are locked out of > smtpa (their user/password still works for admin pop3/imap) > so they can just hop over to the admin page and change their > password to unlock the accounts smtpa, also if it was an error on > their part they can belatedly add the 3rd party envelope-from they > were trying > > this way if an account is successfully used to send spam (ie they > use his from: as well) the torrent of bounces is ours and the users > notification. > > so far its worked > (obviously we also content filter after data, but very few hit the > quarantine queue (if they do the user can release, but a copy is > also flagged for admin review, so far all just bad chain-mail, that > we educate/LART the user for) > > I do worry about the potential for a bot (or human herder) to take > the credentials and use them to admin the account so each new > envelope sender is added before the smtp send, we have yet to add an > automated confirmation loop, its on my to-do list -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
