On 27/05/2014 19:29, Jeremy Harris wrote:
On 27/05/14 19:03, Paul Warren wrote:
We're seeing a growing problem of spam being sent through our servers
using compromised authenticated SMTP credentials.
[...]
We're currently considering rate-limiting, or trying to detect where a
single user is using multiple IPs in quick succession.
Do you get undeliverables? Bounces? Monitor the rate.
Yes - we'll look at the posted approach for doing just that.
Do they send with multiple envelope-from addresses from the one
account? Monitor that rate.
On the last few that we've seen, no, they seem to consistently use the
SMTP username as the envelope-from.
Paul
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
