Hi there,
while exim is up and running on my server by now, there is one
thing regarding security I see unanswered: is it true that there
is no way to prevent brute force attacks on SMTP authentication?
What I mean is, when someone is trying to authenticate herself
(tested with auth plain), on providing a wrong login/password
pair, all what happens is that exim replys with a "535
Incorrect authentication data". It neither sleeps for t seconds
bevor the reply that the credentials are incorrect, nor does it
disconnect after the n'th failure.
(Please excuse if I am mistaken and there is such a feature with
exim, couldn't find something like explained above though)
Thus it would be quite easy to carry out a brute force attack,
with n-hundred cycles per minute. Perhaps I would only notice
when the logfiles were "overflowing". (Yes, I could set up an
external logfile-analyzer-script, but still ...)
Is there someting planned in regard to that problem mentioned?
Greetings,
Ulrich
--
+++ GMX - Mail, Messaging & more
http://www.gmx.net +++
NEU: Mit GMX ins Internet. Günstige DSL- & Modem/ISDN-Tarife!