|The current exim.pl files have the ability to track who is sending email. There is an option to turn on a limit for how many emails are sent by a particular user. To enable this limit, simply add the number of emails you'd likely to allow per day to the /etc/virtual/limit file.|
For most cases 200 emails should be enough for any users.
Once the limit file has a number greater than 0, the exim.pl will start to count the number of emails sent by a user. In the /etc/virtual/usage directory, there will be 2 types of files. 'username' and 'username.bytes'. The bytes file will store how large each email was. The total sum of the bytes in that files will give the amount of outgoing smtp bandwidth used that day (this is always enabled). The other file ('username') is used to count the number of emails sent. Each email sent will add another byte to the file, so the exact size of the file is the number of emails sent.
When looking for a spammer, check the /etc/virtual/usage/username files to see a larger file, and also check /etc/virtual/usage/username.bytes, to look for a repeated size. Large number of same-sized emails generally indicates spam.
Enforcing strong passwords is a good way to prevent passwords from being guessed.
Difficult Password Enforcement
A new feature of the exim.pl (as of Jan 2011) is the ability to specify custom limits on a per-User basis (per DA-User). To do this, first ensure you have the latest exim.pl. You can confirm this by checking for this line:
if (open (LIMIT, "/etc/virtual/limit_$name"))If you have that line in your exim.pl, then you're good to go. If not, save it to /etc/exim.pl and restart exim. The same basic rules apply, you just need to type:
echo 300 > /etc/virtual/limit_usernamewhere username is the User you wish to give the special limit to. This overrides the default /etc/virtual/limit file for that User.
If you think you might have a spammer, check your /etc/virtual/usage directory for a larger than normal filesize.
Any authenticated sends will show up with this command:
|How to update your exim.conf|
|Exim is going crazy, how can I track down what it's doing?|
|Warning: 200 emails have just been sent by unknown|
|Detecting and preventing brute force login attacks|
|My server is sending spam. What do I do?|
© 2003 JBMC Software, Suite 173 3-11 Bellerose Drive, St Albert, AB T8N 1P7 Canada. Mon-Fri 9AM-5PM MST