Stop suspicious emails?

[unixguru]

Is there a way to ensure that exim will only send mails from correctly configured email accounts on the server.

i.e. stops users sending from addresses not configured in their users accounts?

I've got a server and some suspected spammers.

Also is there a way to query exim about how many mails each user has sent?

 

[LawsHosting]

I'd check if the spam is generated by an account (auth'd), or by a rogue php script, then go from there.

If you think an account is compromised, shut them off and explain. Furthermore, I'd implement http://help.directadmin.com/item.php?id=81 if you are wary of spammers on an Exim level.

 

[unixguru]

I believe it's probably the latter.

I've seen email returned to the server which have been sent from random@servername rather than email_user@legitimate_domain.

Is there anyway to stop PHP from sending out mails from accounts which have no return user.

This particular server is humungous and I'm worried it's IP with get blacklisted, want to be proactive, before 100s of users are affected.

 

[nobaloney]

The simple answer is to do as Peter Laws suggested and implement shut off email at limit. Otherwise you can write something in exim filter to do the same thing. You can remove the 127.0.0.1 from relay hosts (EDIT#16 in SpamBlocker 4.x) and require authorization for all outgoing email.

Jeff