> > > > > On 15.09.23 15:31, Riccardo Alfieri wrote: > >> Yes, at previous $dayjob. Applied on the submission MSA, it proved to > >> be useful in mitigating the fallout when users got their credentials > >> compromised. > > > > can you describe it more? > > > Well, I checked the connecting IP of a client againts AuthBL *before* > "permit_sasl_authenticated" (IIRC) in postifx and when users got their > credential compromised (that happened more times than I would have > liked) I'd say more than 95% of connections from auth abusing botnet > were denied. This mitigated a lot the spam exiting from our outbounds > and helped us not ending up being listed in the more "trigger happy" > dnsbls around :) >
Is this a freely available list?