That's where you as an administrator must step in and put your foot down, and tell
the users that they must adapt.
The best way here is to require that travelling users VPN to their home
computers or home networks.
And they have to send via the 587 server to get accepted (ergo SPF on all
domains)
Those customers with machines bolted to desks usually use the mail
server of their Internet supplier - via port 25 and with no authentication.
The main reason I have a Port 587 server with authentication is because
I appear to have a large portion of nomadic users. Some customers seem
to be ve
As an alternative to geolocation of IP addresses, consider
asn.routeviews.org.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for
The idea is not to build a 100% foolproof solution.
The idea is to limit the attack surface.
Let's say you have 3 users with really crappy passwords:
Username | Password | First login
Postmaster | retsamtsoP | USA
GoodUser | Password123 | Germany
AnotherUser | qwertyuiop | Denmark
Now let's say yo
On Tuesday, 19 February 2019, 15:57:07 CET, Sebastian Nielsen via
Exim-users wrote:
> Most better firewalls do have a built-in country/GeoIP database, if not,
> you can easily add one.
GeoIP is far from "reliable" for any SMTP/MTA, as there is no geolocation of
an IP address. It offers only a "
On Tue, 19 Feb 2019, Mark Elkins via Exim-users wrote:
I run a "relay" server for my e-mail clients - so they can send out e-mail
from any network they are connected to (so useful for travelling laptops).
This machine runs only on port 587, uses authentication (same password as for
their POP3/
Best way here would be to set up some sort of IP limitation to limit the
attack surface.
If all of your users belong to the same country, I would suggest firewalling
or restricting the 587 server via GeoIP so it can only be accessed from that
particular country.
Most better firewalls do have an b
> From: Mark Elkins
> I should probably have some EXIM scripts that count repetitive failures,
> both at login authentication and delivery (failure) by a user, and use
> that to do automatic blocking and reporting. Lena probably has a
> solution for that.
https://github.com/Exim/exim/wiki/Bloc
On Feb 19, Mark Elkins via Exim-users wrote
> What can you do? Not everyone uses my relay - so I have a flag that needs to
> be first switched on for the relay authentication to work. I also insist
> that passwords are reasonably long and not based on the username. I build a
> list every few months
On Tue, 19 Feb 2019, Mark Elkins via Exim-users wrote:
> I run a "relay" server for my e-mail clients - so they can send out
> e-mail from any network they are connected to (so useful for travelling
> laptops). This machine runs only on port 587, uses authentication (same
> password as for th
On Tuesday, 19 February 2019, 11:38:22 CET, Odhiambo Washington via
Exim-users wrote:
> How they end up hacking this account is something of a mystery now. This is
> the second time in as many months.
..."usually" they got user login credentials in any way.
From my experience, most typical is:
I run a "relay" server for my e-mail clients - so they can send out
e-mail from any network they are connected to (so useful for travelling
laptops). This machine runs only on port 587, uses authentication (same
password as for their POP3/IMAP account) - etc etc.
Some nefarious people are cont
On Tue, 19 Feb 2019 at 13:33, Heiko Schlittermann via Exim-users <
exim-users@exim.org> wrote:
> Odhiambo Washington via Exim-users (Tue 19 Feb 2019
> 11:20:07 CET):
> > I am seeing some spam going through my server, but I am not sure what
> > method is being used by the spammer:
> >
> > exim -Mvh
Odhiambo Washington via Exim-users (Tue 19 Feb 2019
11:20:07 CET):
> I am seeing some spam going through my server, but I am not sure what
> method is being used by the spammer:
>
> exim -Mvh 1gw0Ng-0002NF-1H
> 1gw0Ng-0002NF-1H-H
> mailnull 26 26
>
> 1550563436 0
> -received_time_usec .039642
> -
I am seeing some spam going through my server, but I am not sure what
method is being used by the spammer:
exim -Mvh 1gw0Ng-0002NF-1H
1gw0Ng-0002NF-1H-H
mailnull 26 26
1550563436 0
-received_time_usec .039642
-helo_name [192.6.3.50]
-host_address 74.142.119.226.1591
-host_name rrcs-74-142-119-226
15 matches