On 2019-09-25, Sebastian Nielsen via Exim-users <[email protected]> wrote: > Another way to deal with compromises is to IP-restrict the user accounts so > they can only login from where they are supposed to login from. > If ALL of your users "belong" to the same country - for example i fits a > company-internal email server, I would suggest set auth_advertise_hosts to a > list of CIDR ranges that your country, or even better, your company, uses. > > If different users belong to different countries, for example if you run a > webhosting company, I would suggest putting the country that was used to > either register the account, or the country who did issue the credit card that > was used to pay for the webhosting, in a database.
Um, some people do occasionally travel, you know. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
