[Exim] Re: smtp auth and brute force attacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ulrich Laupert
Date:  
À: exim-users
Sujet: [Exim] Re: smtp auth and brute force attacks
> > What I mean is, when someone is trying to authenticate herself
> > (tested with auth plain), on providing a wrong login/password
> > pair, all what happens is that exim replys with a "535
> > Incorrect authentication data". It neither sleeps for t seconds
>
> "too many smtp errors" will pop up, happen this goes on for long enough.
>


what do you mean with 'pop up'? I grep'ed the exim source files,
but could not find such a message.

> And why use AUTH PLAIN if you are worrying about "brute force" attacks?


Well, not all clients support cram-md5, there is no way I can
shut down auth plain and auth login for the users.

> Use
> AUTH LOGIN or AUTH CRAM-MD5, and do all this over TLS


I disallow smtp auth over unencrypted connections already,
but what does this help in concern to brute force attacks?
The black hat simply uses some ssl-tunnel to run his script
(stunnel for exampel)

Ulrich


--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
NEU: Mit GMX ins Internet. Günstige DSL- & Modem/ISDN-Tarife!