Re: [Exim] Dictionary Scans - HOWTO

Pàgina inicial
Delete this message
Reply to this message
Autor: Giuliano Gavazzi
Data:  
A: ODHIAMBO G. Washington, exim-users
Assumpte: Re: [Exim] Dictionary Scans - HOWTO
At 13:20 +0300 2003/04/30, ODHIAMBO G. Washington wrote:
>After a few days leave, everything has evaporated, so I seriously need
>some help. I have looked at the archives examples and used the following
>acl to try and keep away dictionary scans but it doesn't seem to work:
>
>drop   message     =  *** Dict scan!. Too many bad recipients,
>$rcpt_fail_count out of $rcpt_count
>            condition   = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
>            delay       = ${eval: ($rcpt_fail_count + 1) * 1}m
>            log_message = Dictionary attack

>
>
>I've placed this right after the callout acl.
>
>All help welcome.


why calculate the delay when you drop? delay 4m would be equivalent.
I am also not sure how delay interacts with drop.
Also rcpt_fail_count can be off by 1, since the current recipient has
not been yet rejected, so you are only dropping at the (good or bad)
recipient following 3 bad ones.
Personally I start delaying (and denying, not dropping) after one bad
recipient, and this because I feel very tolerant...

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/