Re: [Exim] smtp auth and brute force attacks

Top Pagina
Delete this message
Reply to this message
Auteur: Suresh Ramasubramanian
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] smtp auth and brute force attacks
On Thursday, October 03, 2002 7:16 PM,
Ulrich Laupert <u.laupert@???> wrote:

> What I mean is, when someone is trying to authenticate herself
> (tested with auth plain), on providing a wrong login/password
> pair, all what happens is that exim replys with a "535
> Incorrect authentication data". It neither sleeps for t seconds


"too many smtp errors" will pop up, happen this goes on for long enough.

And why use AUTH PLAIN if you are worrying about "brute force" attacks? Use
AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS

    -srs