Re: [EXIM] logging illegal SMTP commands?

Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [EXIM] logging illegal SMTP commands?
On Mon, 10 May 1999 10:10:08 +0100 (BST), you wrote:
>On Sun, 9 May 1999, Marc Haber wrote:
>> |riuztrieouhdgklj
>> |500 Command unrecognized
>> |debug
>> |500 No way!
>
>> None of these things resulted in a log entry. I am thinking that it
>> might be useful to have exim log illegal commands on the SMTP channel.
>> This could be useful in detecting somebody trying to do a buffer
>> overflow or a similar attack. Would having such an option be useful in
>> attack scenarios or would it open ways to attack a mail host itself?
>
>Set log_smtp_syntax_errors.


This does half of the trick. Since trying the "debug" command on the
SMTP channel most certainly denotes an attack, I'd like to have this
logged, too.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29


--
*** Exim information can be found at http://www.exim.org/ ***
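
The check this thread asks for, sketched as an added example that is not part of the original message and is not Exim code: it flags unrecognized verbs, the legacy Sendmail `DEBUG`/`WIZ` commands, and overlong command lines in a client's SMTP input. The verb allow-list, the 512-octet limit taken from RFC 5321, the names `audit_commands`, `printable` and `Finding`, and the sample session are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed allow-list: RFC 5321 verbs plus the AUTH and STARTTLS extensions.
KNOWN_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "VRFY",
               "EXPN", "HELP", "NOOP", "QUIT", "AUTH", "STARTTLS"}
# Legacy Sendmail maintenance commands; a client sending one is probing.
PROBE_VERBS = {"DEBUG", "WIZ"}
MAX_LINE = 512  # RFC 5321 command line limit in octets, CRLF included

@dataclass
class Finding:
    lineno: int
    kind: str     # "overlong", "probe" or "unrecognized"
    excerpt: str  # truncated, printable-only copy that is safe to log

def printable(raw, limit=40):
    """Escape non-printable bytes and truncate so the log stays readable."""
    text = "".join(chr(b) if 32 <= b < 127 else "\\x%02x" % b for b in raw[:limit])
    return text + ("..." if len(raw) > limit else "")

def audit_commands(lines):
    """Return a Finding for every client line that deserves a log entry.
    Assumes the server accepted DATA, so the body is not parsed as commands."""
    findings, in_data = [], False
    for n, raw in enumerate(lines, 1):
        body = raw.rstrip(b"\r\n")
        if in_data:
            in_data = body != b"."  # a lone dot ends the message body
            continue
        parts = body.split(None, 1)
        verb = parts[0].upper().decode("ascii", "replace") if parts else ""
        if len(raw) > MAX_LINE:
            findings.append(Finding(n, "overlong", printable(body)))
        elif verb in PROBE_VERBS:
            findings.append(Finding(n, "probe", printable(body)))
        elif verb not in KNOWN_VERBS:
            findings.append(Finding(n, "unrecognized", printable(body)))
        elif verb == "DATA":
            in_data = True
    return findings

# Constructed session: the two commands from the thread plus an oversized HELO.
SAMPLE = [b"EHLO client.example\r\n", b"riuztrieouhdgklj\r\n", b"debug\r\n",
          b"HELO " + b"A" * 600 + b"\r\n", b"MAIL FROM:<a@example.org>\r\n",
          b"RCPT TO:<b@example.org>\r\n", b"DATA\r\n",
          b"debug is only a word in this body\r\n", b".\r\n", b"QUIT\r\n"]

if __name__ == "__main__":
    for f in audit_commands(SAMPLE):
        print(f"line {f.lineno}: {f.kind}: {f.excerpt}")
```

Escaping and truncating the excerpt before it reaches the log keeps hostile input from injecting control characters or flooding the log file, which is the concern the quoted question raises about logging attacker-supplied data.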