Re: [Exim] authentication failure consequences

Author: j.linn
Date:  
To: exim-users
Subject: Re: [Exim] authentication failure consequences
Philip,

This is not quite suitable as authentication is only used to permit
relaying [external/external] for home usage so only those wanting to
relay need authenticate.

What I want to stop, or make harder, is password cracking using brute
force. In my limited experience of SMTP AUTH, it either works as the
userid/password is the same as that for IMAP/POP or fails. Perhaps a count
could be added to the AUTH drivers to limit the number of retries and once
exceeded the call is dropped.

John Linn

On Tue, 14 Oct 2003, Philip Hazel wrote:

> On Tue, 14 Oct 2003, j.linn wrote:
>
> > Using Exim 4.24
> >
> > If authentication fails then is there a way to force the connection to
> > close as well as logging the failure?
>
> Not directly. However, you could add statements to your ACLs that close
> the connection for any MAIL, RCPT, or DATA commands if the session is
> not authenticated.
>
>    drop message = Not authenticated
>         ! authenticated = *

>
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.
> Get the Exim 4 book:    http://www.uit.co.uk/exim-book

>
>
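
The retry limit asked about above can be approximated outside the MTA by counting failed AUTH attempts per client address in the main log. This is an added example, not part of the original thread or of Exim itself; the log line shape, the threshold of 3 and the 5-minute window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed shape of a failed-AUTH line in the Exim main log:
#   <date> <time> <driver> authenticator failed for <host> [<ip>]: 535 ...
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<driver>\S+) authenticator failed for .*?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2003-10-14 08:10:00 login authenticator failed for (laptop) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2003-10-14 09:00:01 plain authenticator failed for (pc1) [192.0.2.10]: 535 Incorrect authentication data (set_id=alice)
2003-10-14 09:00:05 plain authenticator failed for (pc1) [192.0.2.10]: 535 Incorrect authentication data (set_id=alice)
2003-10-14 09:00:12 plain authenticator failed for (pc1) [192.0.2.10]: 535 Incorrect authentication data (set_id=admin)
2003-10-14 09:00:20 plain authenticator failed for (pc1) [192.0.2.10]: 535 Incorrect authentication data (set_id=root)
2003-10-14 09:30:00 SMTP connection from [203.0.113.5] closed by QUIT
2003-10-14 10:30:00 login authenticator failed for (laptop) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2003-10-14 13:45:00 login authenticator failed for (laptop) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2003-10-14 16:20:00 login authenticator failed for (laptop) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
"""

def hosts_over_limit(lines, max_failures=3, window=timedelta(minutes=5)):
    """Map each client IP to the time its failures first exceeded
    max_failures inside a sliding window. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a failed-AUTH line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # forget failures older than the window
            q.popleft()
        if len(q) > max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in hosts_over_limit(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} exceeded the AUTH failure limit at {when}")
```

The flagged addresses can then be fed to whatever blocking mechanism the site already uses; the host with four failures spread over a working day is not flagged.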