[exim] dictionary attack .. prevention

Author: Eoin Verling
Date:  
To: exim-users
Subject: [exim] dictionary attack .. prevention
Hi,

I'm running exim 4.50, on Debian.

I've been looking through the archives on how to counter dictionary
attacks, and there seem to be a number of solutions .. one being:-

insert a rule into the
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt, near top of file :-

---
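deny
    message     = Max 2 failed recipients allowed
    # true once more than one RCPT has already failed in this session
    condition   = ${if >{$rcpt_fail_count}{1} {1}}
    # wait 30s per failed recipient before sending the rejection
    delay       = ${eval: ($rcpt_fail_count) * 30}s
    log_message = $rcpt_fail_count failed recipient attempts - dict attack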
---


Something like the above? Such that if the condition is met, the
message gets delayed (as opposed to dropped), and can thus be deleted
later?

Is this a (good) solution?

If I'm covering old ground, then no worries, I'll keep digging.

thanks
E
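
Added example, not part of the original post: a small Python model of how the rule above treats successive RCPT commands within one SMTP session, showing the per-recipient outcome and the growing delay. It assumes the rule is evaluated first for every RCPT, that a later ACL statement rejects unknown recipients, and that every rejected RCPT increments `$rcpt_fail_count`; the recipient names are constructed.

```python
# Model of the posted ACL rule only; this is not Exim code.
THRESHOLD = 1    # rule fires when $rcpt_fail_count > 1
DELAY_STEP = 30  # seconds per failed recipient, from the "delay =" line


def simulate_session(recipients, valid):
    """Replay one session's RCPT commands against the rule.

    Assumptions (not stated in the post): the rule runs first for each
    RCPT, a later statement rejects unknown recipients, and each rejected
    RCPT increments the failure counter.
    Returns a list of (recipient, outcome, delay_seconds).
    """
    fail_count = 0
    results = []
    for rcpt in recipients:
        if fail_count > THRESHOLD:
            # deny matched: the server waits, then refuses this RCPT,
            # whether or not the address exists
            results.append((rcpt, "denied-by-rule", fail_count * DELAY_STEP))
            fail_count += 1
        elif rcpt in valid:
            results.append((rcpt, "accepted", 0))
        else:
            results.append((rcpt, "rejected-unknown", 0))
            fail_count += 1
    return results


def total_delay(results):
    """Total seconds the client spent waiting on delayed rejections."""
    return sum(delay for _, _, delay in results)


if __name__ == "__main__":
    valid = {"alice", "bob"}                                      # constructed
    guesses = ["aaron", "alice", "abby", "adam", "bob", "alan"]   # constructed
    session = simulate_session(guesses, valid)
    for rcpt, outcome, delay in session:
        print(f"{rcpt:6} {outcome:17} delay={delay}s")
    print("total delay:", total_delay(session), "s")
```

In this model the third and later failures are each refused at RCPT time after a 60s, 90s, 120s wait, and a valid address ("bob") offered after the threshold is refused as well.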