had a legit user user with weak password. someone cracked it and used it to drive a lot of spam by smtping in with plain auth.
anyone have scripting to raise alerts if there is inbound smtp from a legit user above some threshold? i will also likely remove all user passwords from /etc/passwd (as shell access is ssh key only anyway) and put passwords for legit smtpers into `server_condition` in `authenticators` randy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
