Am 25.09.19 um 11:21 schrieb Heiko Schlittermann via Exim-users: > > In MAIL ACL (or later) you can block messages from authenticated users > if authenticated ID does not match the sender address, or you can > ratelimit on the authenticated ID >
ehm.. we are talking about a hacked mail account, not legimit users sending too much mail. The main goal needs to stop those attackers from abusing the system at all. So, besides strict "from:" checks, i suggest to implement a database check for last sending ips. If you find too much entries in that database, you can reject those mails and execute a script to disable the account. @Mark & Heiko: Thanks for the problem, I had a brilliant idea how to improve my exim setup :D best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
