On Wed, Aug 03, 2016 at 11:52:16AM +0000, Haynes, Jonathan wrote: > We use ratelimit on outbound to protect against compromised > accounts sending spam but we don't check inbound although > obviously you could adapt this. > > This is used in conjunction with control = freeze
Ditto, though rather than freezing message on the separate mailhubs (which is tedious to manage after a while) we just set an ACL variable. This triggers a router to send them to a single other host where the freeze happens. A copy of the mail gets dropped into a mailbox for easy checking and release or delete (by moving to other mailboxes, which a simple script checks and then processes the exim queue). The ACL variable is also set by custom ClamAV signatures, anti-phishing-email-reply addresses, other rate-limit type logic (built with exim ACLs), etc. But ratelimit ACL rules are definitely the place to start, and can be very effective even on their own. Matthew -- Matthew Newton, Ph.D. <[email protected]> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <[email protected]> -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
