On Tue, 6 Aug 2019, Randy Bush via Exim-users wrote: > From: Randy Bush via Exim-users <[email protected]> > To: exim users <[email protected]> > Date: Tue, 06 Aug 2019 11:37:14 -0700 > Subject: [exim] detecting overly frequent smtp from real user > Reply-To: Randy Bush <[email protected]> > > had a legit user user with weak password. someone cracked it and > used it to drive a lot of spam by smtping in with plain auth. > > anyone have scripting to raise alerts if there is inbound smtp > from a legit user above some threshold?
See: https://github.com/Exim/exim/wiki/BlockCracking -- Dennis Davis <[email protected]> -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
