Also on the topic of mail server hacking, I would suggest adding IP restrictions 
on your mail accounts.


There are two ways to include IP restrictions in Exim:


The easiest one is to simply lock out authentication for all unauthorized IPs 
(or simply block in the firewall so unauthorized IPs cannot even contact the 
submission port).

To lock out authentication, use “auth_advertise_hosts” and set to a list of IPs 
or CIDR ranges that are permitted to login to your server.


The more complicated one is to keep an IP record for every email account or 
even a CIDR (like /24) and use a custom authenticator, which also checks the 
IP number, so username + password + IP must match before access is granted.


You can also choose to lock to country by using Geo-IP. So when a user on your 
email system logs in for the first time, his field “Country” is set to the GeoIP 
of {IP}.

Next time he logs on, you simply check in a custom authenticator that the GeoIP 
of {IP} is equal to the “Country” field in the database.


That should fix your problem pretty well, since any type of IP restriction or 
country restriction will reduce the attack surface substantially.
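As an added illustration (not code from this thread, and not Exim's own authenticator), here is a model of the "custom authenticator" check described above: username + password + client IP must all match a per-account record, and the country seen at first login is pinned and compared on later logins. All names, the account record and the GeoIP table are constructed for the example; a real deployment would call something equivalent from Exim's authenticator and use a proper password KDF and a real GeoIP database.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample account record: password hash, networks the account
# may log in from, and the country pinned at first login (None = not yet).
# SHA-256 is used only to keep the example short; use a real password KDF.
ACCOUNTS = {
    "alice@example.org": {
        "pw_sha256": hashlib.sha256(b"correct horse battery").hexdigest(),
        "allowed_nets": ["192.0.2.0/24", "203.0.113.7/32", "198.51.100.0/24"],
        "country": None,
    },
}

# Constructed GeoIP lookup table standing in for a real GeoIP database.
GEOIP = {"192.0.2.0/24": "SE", "203.0.113.0/24": "SE", "198.51.100.0/24": "US"}


def geoip_country(ip):
    """Return the country code for an IP from the constructed table, else None."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return None


def authenticate(user, password, client_ip, accounts=ACCOUNTS):
    """Grant access only if username, password AND client IP all match."""
    rec = accounts.get(user)
    if rec is None:
        return False
    # Compare the password hash in constant time.
    digest = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(digest, rec["pw_sha256"]):
        return False
    # Per-account IP / CIDR record: the client must be inside one of the ranges.
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in ipaddress.ip_network(n) for n in rec["allowed_nets"]):
        return False
    # Country pinning: set on first successful login, enforced afterwards.
    country = geoip_country(client_ip)
    if rec["country"] is None:
        rec["country"] = country
    elif rec["country"] != country:
        return False
    return True
```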


From: Ken Robinson via mailop <mailop@mailop.org> 
Sent: 24 July 2023 02:50
To: mailop <mailop@mailop.org>
Subject: [mailop] I Need someone from AOL and/or Yahoo to contact me


Last Friday two email addresses on my server with weak passwords were 
discovered and used to send thousands of spam messages. By the time I 
discovered the problem (it happened when I was asleep and I discovered it a few 
hours after), my server was getting blocked by spam lists.  This is affecting 
mailing lists that run on the server. Both AOL and Yahoo don't bounce the 
message, but they end up in the Spam mailboxes. If they had bounced, I could 
have reached out sooner.


Ken Robinson

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop