On 5 Jul 2021, at 13:25, Niels Dettenbach via Exim-users wrote:
> Am Montag, 5. Juli 2021, 13:19:45 CEST schrieb Niels Kobschätzki: >> The moment I identify them I lock them out of the system, remove all their >> mails in the queues and they have to reset their password before they can >> do anything again. The problem is the identification because you usually >> get to know it only, when the accounts are actively misused. If I get to >> know that users where specifically targeted I inform them. And at 2am in >> the night it might already be too late (you landed yourself on blacklists) >> - even though you still kick them from the system. > > ...beside exims "ratelimiting" (which is just lowering the impact at the cost > of all users) actually depending on how the rate limiting works it doesn’t impact all users and I can whitelist users that are legitimate but would be hit by the rate-limiting. > - is there any way to monitor the webmail webserver or > application logs from your webmail system (most known webmail solutions do/ > allow some way to log with "username")? If someone sends out hundreds of > mails per hour per webmail, this is probably bot behaviour (fail2ban or > similiat tools may help then reacting with "some command")... > > just as an idea... Unfortunately that’s not so easy because you would need to extend the webmail-software with a plug-in so that the webmailer is actually aware of something like this. And 500 mails with 1 address and 10 mails with 50 addresses would be probably something different for the webmailer. There are some parts on the webmail-side where you can make things harder depending on the webmailer. Niels
smime.p7s
Description: S/MIME digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
