On 15/09/23 17:35, Matus UHLAR - fantomas wrote:
On 15.09.23 15:31, Riccardo Alfieri wrote:
Yes, at previous $dayjob. Applied on the submission MSA, it proved to
be useful in mitigating the fallout when users got their credentials
compromised.
can you describe it more?
Well, I checked the connecting IP of a client againts AuthBL *before*
"permit_sasl_authenticated" (IIRC) in postifx and when users got their
credential compromised (that happened more times than I would have
liked) I'd say more than 95% of connections from auth abusing botnet
were denied. This mitigated a lot the spam exiting from our outbounds
and helped us not ending up being listed in the more "trigger happy"
dnsbls around :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
