And consider an RBL that tracks IPs used in authentication attacks, like
RATS-AUTH, RATS-NULL from SpamRats..
And you might consider your policies on allowing connections from open
proxies as well in the interm.. given the amount of hackers that use
that to bypass country authentication restrictions.
But at the end of the day, you need transparent 2FA.. there are a few
people now implementing the CLIENTID for that..
On 2023-07-24 10:35, Sebastian Nielsen via mailop wrote:
Also on the topic on mail server hacking, I would suggest to add
IP-restriction on your mail accounts.
Theres 2 ways to include IP-restrictions in Exim:
The easiest one, is to simply lock out authentication for all
unauthorized IPs (Or simply block in firewall so unauthorized IPs cannot
even contact the submission port).
To lock out authentication, use “auth_advertise_hosts” and set to a list
of IPs or CIDR ranges that are permitted to login to your server.
The more complicated one, is to keep a IP-record for every email account
or even a CIDR (like /24) and use a custom authenticator, which also
checks the IP-number so username + password + IP must match before
access is granted.
You can also choose to lock to country by using Geo-IP. So when a user
on your email system logs in first time, his field “Country” is set to
the GeoIP of {IP}.
Next time he logs on, you simply check in a custom authenticator so
GeoIP of {IP} is equal to the “Country” field in database.
That should fix your problem pretty good, since any type of IP
restriction or Country restriction will reduce the attack surface
substationally.
*Från:* Ken Robinson via mailop <[email protected]>
*Skickat:* den 24 juli 2023 02:50
*Till:* mailop <[email protected]>
*Ämne:* [mailop] I Need someone from AOL and/or Yahoo to contact me
Last Friday two email addresses on my server with weak passwords were
discovered and used to send thousands of spam messages. By the time I
discovered the problem (it happened when I was asleep and I discovered
it a few hours after), my server was getting blocked by spam lists.
This is affecting mailing lists that run on the server. Both AOL and
Yahoo don't bounce the message, but they end up in the Spam mailboxes.
If they had bounced, I could have reached out sooner.
Ken Robinson
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
