On Thursday, October 03, 2002 7:16 PM,
Ulrich Laupert <u.laupert@???> wrote:
> What I mean is, when someone is trying to authenticate herself
> (tested with auth plain), on providing a wrong login/password
> pair, all what happens is that exim replys with a "535
> Incorrect authentication data". It neither sleeps for t seconds
"too many smtp errors" will pop up, happen this goes on for long enough.
And why use AUTH PLAIN if you are worrying about "brute force" attacks? Use
AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS
-srs
