Re: [Exim] Different Teergrub/Dictinary Attack

Pàgina inicial
Delete this message
Reply to this message
Autor: Sheldon Hearn
Data:  
A: Alan J. Flavell
CC: Exim users list
Assumpte: Re: [Exim] Different Teergrub/Dictinary Attack

On Fri, 12 Sep 2003 16:44:01 +0100, "Alan J. Flavell" wrote:

> As we discussed here recently, though, this approach (no matter what
> limit you set) permits of a trivial workaround for the spammers: they
> just have to use RSET.
>
> I was preparing to move towards counting in the call-wide acl_c
> variables... i.e I had inserted a "warn" to find out what it would do,
> preparatory to using it instead of the existing checks - which are
> based on $rcpt_count (the number of attempted rcpt) and
> $recipients_count (the number of good recipients), [...]


Nice idea.

I'm using this in my acl_smtp_rcpt, and it's working quite well:

  #
  # Reject suspected dictionary attacks with lightweight teergrub.
  # ACL VARIABLES: acl_c0
  #
  warn    !verify       = recipient
          set acl_c0    = ${if !def:acl_c0 {1}{${eval:$acl_c0 + 1}}}
  drop    message       = too many unrouteable recipient addresses
          log_message   = too many unrouteable recipient addresses
          condition     = ${if >{$acl_c0}{4} {1}}
          hosts         = !127.0.0.1/32 : !10.0.0.0/24 : *
          delay         = 1m
  #


Thanks,
Sheldon.