On Tue, 19 Feb 2019, Mark Elkins via Exim-users wrote:
I run a "relay" server for my e-mail clients - so they can send out e-mail
from any network they are connected to (so useful for travelling laptops).
This machine runs only on port 587, uses authentication (same password as for
their POP3/IMAP account) - etc etc.
Some nefarious people are continuously trying to discover valid username and
password combos. Once they do - they flood that account with SPAM. Much
bounces back to my clients - whom after a few days tell me (delayed due to
embarrassment?) Often, these "scans" are being done in what looks like quite
a random way, from multiple IP addresses and reasonably infrequently - say
once a minute.
If you don't already, run a spamchecker on your outgoing email.
Even at once a minute your can rate-limit; I doubt that many of your
clients send 5 emails in 10 minutes, so you can use exim's rate-limiting
here. You can limit the number of recipients too.
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/