Re: [Exim] smtp auth and brute force attacks

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Suresh Ramasubramanian
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [Exim] smtp auth and brute force attacks
On Thursday, October 03, 2002 7:16 PM,
Ulrich Laupert <u.laupert@???> wrote:

> What I mean is, when someone is trying to authenticate herself
> (tested with auth plain), on providing a wrong login/password
> pair, all what happens is that exim replys with a "535
> Incorrect authentication data". It neither sleeps for t seconds


"too many smtp errors" will pop up, happen this goes on for long enough.

And why use AUTH PLAIN if you are worrying about "brute force" attacks? Use
AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS

    -srs