Block *successful* SMTP authentications

Post Reply
islandhosting
Junior Member
Posts: 4
Joined: 20 Apr 2015, 18:09

Block *successful* SMTP authentications

Post by islandhosting »

We occasionally see phished/hacked accounts sending spam via authenticated SMTP, and they typically come from a large number of different IPs.

I know we can block based on failed SMTP failed but I'd like to block *successful* SMTP authentications when they come from too many different IPs (or better yet, when they come from too many different countries).

Any way to do this currently?
Top
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: Block *successful* SMTP authentications

Post by Sarah »

Yes, see the csf configuration for LF_DISTSMTP to do this.
Top
Post Reply

Return to “General Discussion (csf)”