[Exim] Re: smtp auth and brute force attacks

Author: Ulrich Laupert
Date:  
To: exim-users
Subject: [Exim] Re: smtp auth and brute force attacks
> > What I mean is, when someone is trying to authenticate herself
> > (tested with auth plain), on providing a wrong login/password
> > pair, all what happens is that exim replies with a "535
> > Incorrect authentication data". It neither sleeps for t seconds
>
> "too many smtp errors" will pop up, happen this goes on for long enough.
>

What do you mean with 'pop up'? I grepped the exim source files,
but could not find such a message.

> And why use AUTH PLAIN if you are worrying about "brute force" attacks?

Well, not all clients support cram-md5, there is no way I can
shut down auth plain and auth login for the users.

> Use
> AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS

I disallow smtp auth over unencrypted connections already,
but how does this help with regard to brute force attacks?
The black hat simply uses some ssl-tunnel to run his script
(stunnel for example).

Ulrich
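Since, as the thread notes, exim answers a bad AUTH with a plain "535 Incorrect authentication data" and no delay, the practical defensive check is to watch the log for repeated failures per source. The following is an added example, not code from the Exim project or the poster: it scans mainlog-style lines for failed authenticator attempts and flags addresses exceeding a threshold inside a time window. The log line layout and every sample line are constructed assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout of an Exim mainlog line for a failed SMTP AUTH (constructed for this example):
# "<date> <time> <authenticator> authenticator failed for (<helo>) [<ip>]: 535 Incorrect
#  authentication data (set_id=<user>)"
AUTH_FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<auth>\w+) authenticator failed for .*?\[(?P<ip>[0-9.]+)\]: "
    r"535 Incorrect authentication data(?: \(set_id=(?P<user>[^)]*)\))?"
)

def parse_auth_failures(lines):
    """Yield (timestamp, ip, authenticator, user) for every failed-AUTH line; skip the rest."""
    for line in lines:
        m = AUTH_FAIL_RE.match(line)
        if m:
            yield (datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                   m.group("ip"), m.group("auth"), m.group("user"))

def find_bruteforce_sources(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: total_failures} for IPs with >= threshold failures inside any one window."""
    by_ip = defaultdict(list)
    for ts, ip, _auth, _user in parse_auth_failures(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged

def _line(ts, auth, ip, user):
    """Build one constructed sample log line."""
    return (f"{ts} {auth} authenticator failed for (client.example) [{ip}]: "
            f"535 Incorrect authentication data (set_id={user})")

# Constructed sample: one host hammering in 30 seconds, one host slow over two hours, one stray typo.
SAMPLE_LOG = (
    [_line(f"2004-03-01 10:00:{s:02d}", "plain", "192.0.2.10", "alice") for s in (1, 4, 9, 15, 22, 31)]
    + [_line(f"2004-03-01 {h:02d}:{m:02d}:00", "login", "203.0.113.5", "bob")
       for h, m in ((8, 0), (8, 30), (9, 0), (9, 30), (10, 0))]
    + [_line("2004-03-01 10:00:30", "login", "198.51.100.7", "carol"),
       "2004-03-01 10:02:00 1ABCDE-000123-XY <= alice@example.org H=client.example [192.0.2.10] P=esmtpsa"]
)
```

With the default ten-minute window only 192.0.2.10 is flagged; widening the window also catches the slow host, which is the trade-off to tune against legitimate users mistyping passwords.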

