> From: Sebastian Nielsen
> I would suggest using an config that restricts authenticated users to
> a specific IP range. Then no bots from china can successfully guess a
> account.
I restrict authenticated users to a non-standard port (neither 25, 465 nor 587):
daemon_smtp_ports = 25 : 1234
accept authenticated = *
condition = ${if !={$received_port}{25}}
control = submission/domain=
If bots aren't blocked, they waste connection time and RAM, in effect like DoS.
This https://github.com/Exim/exim/wiki/BlockCracking blocks bots from both
wasting resources and spamming.
> That will prevent accounts from being hacked and used in spamming
Passwords mostly are stolen with Windows malware or phishing.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
