Do not allow some ids to authenticate

Jose-Marcio Martins da Cruz jose-marcio.martins at ensmp.fr
Tue Oct 22 09:35:16 EDT 2013


On 10/22/2013 03:11 PM, Jim Howell wrote:
> Hi,
> 	Thanks for the response.  One question however.  The "spammer at aol.com"
> that is the envelope from, correct?  We offer an authenticated server for
> people to use to send email via a fat client such as Thunderbird.  The
> problem I'm trying to solve is to refuse their connection when they
> authenticate and not at the envelope from, aka earlier in the SMTP
> session.  We unfortunately have too many people with compromised
> credentials using the service.  Thanks.

Don't know about your domain, but this equality isn't usually valid, and you shouldn't reject 
messages just based on this.

There are other ways to solve your problem. One of them is to do rate limits, based on connection 
rate/message rate or recipient rate, to avoid spam being sent. Take a look at:

	http://www.j-chkmail.org/wiki/doku.php/doc/howto/outgoing_spam

The idea is there, using our filter, but you can implement it with others if you prefer.

To avoid accounts being compromised you can, e.g., reject outgoing messages (with credentials) being 
sent to some database of phishers' reply addresses. Take a look at

   http://groups.google.com/group/anti-phishing-email-reply-discuss/topics



-- 

  Sent from my typewriter.
  ---------------------------------------------------------------
   Spam : Classement statistique de messages électroniques -
          Une approche pragmatique
   At Amazon.fr: http://amzn.to/LEscRu or http://bit.ly/SpamJM
  ---------------------------------------------------------------
  Jose Marcio MARTINS DA CRUZ            http://www.j-chkmail.org
  Ecole des Mines de Paris                   http://bit.ly/SpamJM
  60, bd Saint Michel                      75272 - PARIS CEDEX 06
  mailto:Jose-Marcio.Martins at mines-paristech.fr
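
The two controls suggested in the reply above (a recipient rate limit per authenticated account, and rejecting authenticated mail addressed to known phishing reply addresses), as an added example that is not part of the original message and is not j-chkmail code. The class name, thresholds, reply strings and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample values (assumptions); tune to real traffic.
WINDOW_SECONDS = 600
MAX_RCPTS_PER_WINDOW = 5
# Constructed stand-in for a database of phishers' reply addresses.
PHISH_REPLY_ADDRS = {"verify-account@phish.example"}


class OutboundPolicy:
    """Hypothetical per-authenticated-id policy for outgoing mail."""

    def __init__(self, window=WINDOW_SECONDS, max_rcpts=MAX_RCPTS_PER_WINDOW,
                 blocked=PHISH_REPLY_ADDRS):
        self.window = window
        self.max_rcpts = max_rcpts
        self.blocked = {a.lower() for a in blocked}
        self.history = defaultdict(deque)  # auth id -> times of accepted recipients

    def check_rcpt(self, auth_id, rcpt, now):
        """Return (accepted, reply text) for one RCPT TO in an authenticated session."""
        if rcpt.strip().lower() in self.blocked:
            return False, "550 5.7.1 recipient is a known phishing reply address"
        seen = self.history[auth_id.lower()]
        while seen and now - seen[0] >= self.window:
            seen.popleft()  # drop recipients that fell out of the sliding window
        if len(seen) >= self.max_rcpts:
            return False, "451 4.7.1 recipient rate exceeded for this account"
        seen.append(now)
        return True, "250 2.1.5 ok"


def replay(events, policy=None):
    """Run (timestamp, auth id, recipient) events through the policy."""
    policy = policy or OutboundPolicy()
    return [policy.check_rcpt(a, r, t)[0] for t, a, r in events]


# Constructed events: alice bursts 7 recipients, bob replies to a phish.
SAMPLE = [(i, "alice", f"user{i}@example.org") for i in range(7)] + [
    (8, "bob", "verify-account@phish.example"),
    (9, "bob", "friend@example.org"),
    (700, "alice", "late@example.org"),
]

if __name__ == "__main__":
    for event, ok in zip(SAMPLE, replay(SAMPLE)):
        print(event, "accept" if ok else "reject")
```

The limit is keyed on the authenticated id rather than the envelope sender, so a compromised account is throttled whatever sender address it claims.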


More information about the Cyrus-sasl mailing list