I have an Exim server for our application and I noticed malicious users registering with our app to send bulk spam. I know that Exim has the ability to integrate with SpamAssassin to prevent the arrival of emails with malicious content. But does it have the ability to prevent content-based emails from being sent?
Asked
Active
Viewed 40 times
0
-
That would only augment a broader strategy where you carefully vet customers before allowing them to make your service a burden on the rest of the internet, and carefully investigate any report of unsolicited messages sent through your service. Because just because you limit your outbound messages to those not flagged by SpamAssassin, you have not stopped spam. – anx Aug 26 '22 at 01:52
-
1Is the problem really only limited to *"malicious users registering with our app to send bulk spam"*? That implies that the intended function of your app is to be used to send email (with custom messages and to any recipient the app user desires). If that is the case then you have much more to configure and tune (better sign-up, rate limiting, AV and spam filtering, abuse detection, bounce handling etc.). Or is your app broken? And is sending out random messages to the internet at large not the intended function? Then you need to fix the app, rather than exim. – HBruijn Aug 26 '22 at 06:22
-
@HBruijn We have applied some layers to prevent this kind of use. WAF to detect suspicious behavior and sign-up that needs validation. But we don't know what we can use of Spam Detection that is fast, without need an external API. Akismet requires a connection every time something is done. – Tom Aug 26 '22 at 20:00