Re: [Exim] Re: dictionary attacks

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAlan J. Flavell at <-
M\Alan J. Flavell at ->
Delete this message
Reply to this message
Author: Kevin P. Fleming
Date:  
To: Alan J. Flavell
CC: exim-users@exim.org
Subject: Re: [Exim] Re: dictionary attacks
Alan J. Flavell wrote:

> Already in 4.10 I see that we have $rcpt_count and $recipients_count
> available in ACLs, and I kind-of reasoned that if $rcpt_count had
> reached, say, 4, and no (or perhaps at most 1) valid recipient address
> had been achieved, then this was probably another dictionary scan
> episode. Seem reasonable?
>
> Of course at this point there's no use simply issuing a "deny",
> because the smtp call stays up and the caller simply continues with
> their merry scan. So instead I would run a sequence of /bin/sleep 59
> for long enough (six seems to be enough) for the caller to give up.
> Something like:

Check the archive threads from last week entitled "Basic Teergrubing...", where
we discussed (among other things) this very topic. With Exim 4.11 there is a
much simpler way to do this that doesn't require running external programs.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] Re: dictionary attacks[Exim] Bogofilter and system wide filter->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)