Of course its important to apply the same IP-based restriction on the IMAP/POP3 server. But since exim4 isn't IMAP/POP3 its a bit off topic for this list.
-----Ursprungligt meddelande----- Från: Exim-users <[email protected]> För Cyborg via Exim-users Skickat: den 26 september 2019 23:15 Till: [email protected] Ämne: Re: [exim] New compromise...? Am 25.09.19 um 21:50 schrieb Sebastian Nielsen via Exim-users: > Sebastian Nielsen via Exim-users <[email protected]> (Mi 25 Sep 2019 05:49:26 EDT): >> Another way to deal with compromises is to IP-restrict the user accounts so they can only login from where they are supposed to login from. >> If ALL of your users "belong" to the same country - for example i fits a company-internal email server, I would suggest set auth_advertise_hosts to a list of CIDR ranges that your country, or even better, your company, uses. If you do this, you will never know, that the account got compromised. The attackers can use the stolen creds to read all the user mails. By detecting and disabling the compromised account, you can stop the outbreak and inform your user about his hacked device. best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
