> From: Benoit Panizzon

> we mainly get the usual problems with customers who hand out their
> email credentials in reply to phishing emails or get trojans that steal
> them from their computers.
> 
> To mitigate those problems we have implemented these mechanisms:

> * If count(IP) in delta time > IPlimit block account and require
>   password change.
> * If count(geoIP) in delta time > Geolimit block account and require
>   password change.

> * If count(recipients) in delta time > RecipientLimit - tempfail and
>   notify postmaster to check manually.

> What else could we do?

This code for Exim detects compromised accounts by rate of invalid recipients:
https://github.com/Exim/exim/wiki/BlockCracking


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
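
The per-account counters discussed in this thread, as an added Python example (not part of either message and not the Exim BlockCracking code). The window length, the limits, the "flag" action, counting distinct recipients, and all sample events are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 3600  # "delta time" in seconds (assumed value)
LIMITS = {"ip": 3, "geo": 2, "rcpt": 5, "bad_rcpt": 3}  # assumed limits
# Actions for the first three rules are the ones quoted above; "flag" is assumed.
ACTIONS = {"ip": "block, require password change",
           "geo": "block, require password change",
           "rcpt": "tempfail, notify postmaster",
           "bad_rcpt": "flag"}

class AccountMonitor:
    """Sliding-window counters per authenticated account."""
    def __init__(self, window=WINDOW, limits=LIMITS):
        self.window, self.limits = window, limits
        self.seen = defaultdict(deque)  # account -> events still inside the window

    def observe(self, ts, account, ip, country, rcpt, valid):
        q = self.seen[account]
        q.append((ts, ip, country, rcpt, valid))
        while q[0][0] <= ts - self.window:  # expire events older than the window
            q.popleft()
        counts = {"ip": len({e[1] for e in q}),          # distinct source IPs
                  "geo": len({e[2] for e in q}),         # distinct GeoIP countries
                  "rcpt": len({e[3] for e in q}),        # distinct recipients
                  "bad_rcpt": sum(not e[4] for e in q)}  # rejected recipients
        return [(r, ACTIONS[r]) for r, n in counts.items() if n > self.limits[r]]

def sample_events():
    """Constructed events: (ts, account, ip, country, recipient, recipient_valid)."""
    ev = [(0, "alice", "192.0.2.10", "CH", "a@example.org", True),
          (600, "alice", "192.0.2.10", "CH", "b@example.org", True),
          (5000, "alice", "192.0.2.11", "CH", "c@example.org", True)]
    for i in range(8):  # bob: many IPs, countries and recipients within minutes
        ev.append((100 + 10 * i, "bob", f"198.51.100.{i % 4 + 1}",
                   ["CH", "BR", "VN"][i % 3], f"user{i}@example.net", i % 2 == 0))
    for i in range(4):  # carol: one IP, few recipients, all of them rejected
        ev.append((200 + 10 * i, "carol", "203.0.113.5", "DE",
                   f"old{i}@example.com", False))
    return ev

def run(events):
    """Replay events in time order; return {account: set of rules that fired}."""
    mon, hits = AccountMonitor(), defaultdict(set)
    for ev in sorted(events):
        for rule, _action in mon.observe(*ev):
            hits[ev[1]].add(rule)
    return dict(hits)

if __name__ == "__main__":
    for account, rules in sorted(run(sample_events()).items()):
        print(account, sorted(rules))
```

In the constructed data, carol stays under the IP, GeoIP and recipient limits and is caught only by the invalid-recipient counter.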