Re: [Exim] dictionary attack

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: George Szekely
CC: exim-users
Subject: Re: [Exim] dictionary attack
George Szekely wrote:
> I've tried the following condition which seems to work only on
> request coming in at the same time.
>
> ${if = {${eval:$rcpt_fail_count}}{1}{yes}{no}}
>
> But I get hit every 5 to 10 seconds from the same IP (even the IP
> changes regularly after a while) for a different user address. Is it
> possible to insert a delay, like 3 minutes to hosts that just tried
> to hit a nonexistent user (Unrouteable address) - in the router
> section? Or anyone has a suggestion on how to get rid of them?


How about this?

deny message   = Recipient unknown
      !verify   = recipient
      delay     = ${eval: ($rcpt_fail_count + 1) * 1}m


Nico