Hi,
I'm running exim 4.50, on debian
I've been looking through the archives on how to counter dictionary
attacks, and there seem to be a number of solutions .. one being:-
insert a rule into the
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt, near top of file :-
---
deny
message = Max 2 failed recipents allowed
condition = ${if >{$rcpt_fail_count}{1} {1}}
delay = ${eval: ($rcpt_fail_count) * 30}s
log_message = $rcpt_file_count failed recipient attampts - dict attack
---
something like the above? Such that if the condition is met, the
message gets delayed (as opposed to droped), and can thus be deleted
later?
Is this a (good) solution?
If I'm covering old ground, then no wories, I'll keep digging.
thanks
E
