Re: [Exim] [patch] anti sorted dictionary attack

Author: Fred Viles
Date:  
To: exim-users
Subject: Re: [Exim] [patch] anti sorted dictionary attack
On 5 Mar 2004 at 15:53, Ollie Cook wrote about
    "[Exim] [patch] anti sorted dictiona":


| This patch may be useful to some sites. It enables you to detect sorted
| dictionary attacks and take action as you see fit in ACLs.

|...

I've been using the usual test for 50% failure rate:

    condition = \
        ${if and { \
          {> {$rcpt_count} {3}} \
          {< {$recipients_count} {${eval:$rcpt_count/2}}} \
        } {yes} {no}}


one in the RCPT ACL to deny all RCPTs after the threshold is reached,
and one in the DATA ACL to deny any successful RCPTs that may have
preceded the threshold being reached. It seems to work quite well
against dictionary attacks. The numbers can be tweaked, of course.

I didn't think this up, it's a standard recipe you were probably
aware of. What advantage have you found in using your patch instead?

- Fred
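
The following is an added example, not part of the original post: a small Python model of the condition quoted above, showing why the same test is placed in both the RCPT and the DATA ACL. It assumes `$rcpt_count` already includes the RCPT command being checked, that `$recipients_count` counts only recipients accepted so far, and that unknown addresses are rejected by other ACL statements; the function names are hypothetical.

```python
# Model of the 50% failure-rate test from the message above.
# Assumptions (not from the post): rcpt_count includes the RCPT currently
# being evaluated; recipients_count holds only previously accepted recipients.

def threshold_tripped(rcpt_count, recipients_count):
    """Mirror of: and { {> rcpt_count 3} {< recipients_count rcpt_count/2} }.
    Exim's ${eval:...} uses integer arithmetic, hence floor division."""
    return rcpt_count > 3 and recipients_count < rcpt_count // 2


def simulate_session(valid_flags):
    """Walk one SMTP transaction.

    valid_flags: one bool per RCPT command, True if the address exists.
    Returns (per-RCPT verdicts, whether the DATA ACL would deny the message).
    """
    rcpt_count = 0
    recipients_count = 0
    verdicts = []
    for valid in valid_flags:
        rcpt_count += 1
        if threshold_tripped(rcpt_count, recipients_count):
            # RCPT ACL: everything after the threshold is refused,
            # including addresses that do exist.
            verdicts.append("denied-by-threshold")
        elif valid:
            recipients_count += 1
            verdicts.append("accepted")
        else:
            verdicts.append("unknown-user")
    # DATA ACL: same test, catches recipients accepted before the trip.
    data_denied = threshold_tripped(rcpt_count, recipients_count)
    return verdicts, data_denied


if __name__ == "__main__":
    # Constructed sample: one lucky guess followed by five misses.
    attack = [True, False, False, False, False, False]
    # Constructed sample: ordinary mail with a single typo'd recipient.
    normal = [True, True, False, True, True]
    for name, flags in (("attack", attack), ("normal", normal)):
        verdicts, data_denied = simulate_session(flags)
        print(name, verdicts, "DATA denied:", data_denied)
```

In the constructed attack session the first RCPT is accepted before the threshold can trip, which is the case the DATA ACL copy of the condition covers.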