Re: [Exim] smtp auth and brute force attacks

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Suresh Ramasubramanian
Datum:  
To: exim-users
Betreff: Re: [Exim] smtp auth and brute force attacks
On Thursday, October 03, 2002 7:16 PM,
Ulrich Laupert <u.laupert@???> wrote:

> What I mean is, when someone is trying to authenticate herself
> (tested with auth plain), on providing a wrong login/password
> pair, all what happens is that exim replys with a "535
> Incorrect authentication data". It neither sleeps for t seconds


"too many smtp errors" will pop up, happen this goes on for long enough.

And why use AUTH PLAIN if you are worrying about "brute force" attacks? Use
AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS

    -srs