Hi Paul, This is a complex problem. How many users do you have in your system?
On Tue, May 27, 2014 at 11:03 AM, Paul Warren <[email protected]> wrote: > We're seeing a growing problem of spam being sent through our servers > using compromised authenticated SMTP credentials. > > We suspect that the credentials are being stolen using malware on the > users' computers (over which we have no control). > > Obviously we block the accounts as quickly as possible once we become > aware of the problem, but typically by this point we'll be on multiple > blacklists. > > Does anyone have any suggestions for detecting and blocking, or at least > limiting the impact of, such attacks? > > We're currently considering rate-limiting, or trying to detect where a > single user is using multiple IPs in quick succession. > > thanks, > > Paul > > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ > -- *Ken Simpson*, CEO MailChannels Tel: *604-685-7488* www.mailchannels.com twitter.com/ttul* | *ca.linkedin.com/in/ksimpson -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
