Re: [Exim] smtp auth and brute force attacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Suresh Ramasubramanian
Date:  
À: exim-users
Sujet: Re: [Exim] smtp auth and brute force attacks
On Thursday, October 03, 2002 7:16 PM,
Ulrich Laupert <u.laupert@???> wrote:

> What I mean is, when someone is trying to authenticate herself
> (tested with auth plain), on providing a wrong login/password
> pair, all what happens is that exim replys with a "535
> Incorrect authentication data". It neither sleeps for t seconds


"too many smtp errors" will pop up, happen this goes on for long enough.

And why use AUTH PLAIN if you are worrying about "brute force" attacks? Use
AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS

    -srs