[Exim] smtp auth and brute force attacks

Etusivu
Poista viesti
Vastaa
Lähettäjä: Ulrich Laupert
Päiväys:  
Vastaanottaja: exim-users
Aihe: [Exim] smtp auth and brute force attacks
Hi there,

while exim is up and running on my server by now, there is one
thing regarding security I see unanswered: is it true that there
is no way to prevent brute force attacks on SMTP authentication?

What I mean is, when someone is trying to authenticate herself
(tested with auth plain), on providing a wrong login/password
pair, all what happens is that exim replys with a "535
Incorrect authentication data". It neither sleeps for t seconds
bevor the reply that the credentials are incorrect, nor does it
disconnect after the n'th failure.
(Please excuse if I am mistaken and there is such a feature with
exim, couldn't find something like explained above though)

Thus it would be quite easy to carry out a brute force attack,
with n-hundred cycles per minute. Perhaps I would only notice
when the logfiles were "overflowing". (Yes, I could set up an
external logfile-analyzer-script, but still ...)

Is there someting planned in regard to that problem mentioned?

Greetings,

Ulrich



--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
NEU: Mit GMX ins Internet. Günstige DSL- & Modem/ISDN-Tarife!