On Tue, 15 Aug 2006, Robert Fargher wrote:
> Still, it'd be nice to be able to have greater control over what is being
> logged. In 24 hours, the exim main log was about 300 MB due to these
> dictionary attacks being rejected.
I didn't implement a log selector for this because I assumed that
sysadmins would want to know when their MTAs were rejecting stuff.
However, I see the issue when logs get enormous because of dictionary
attacks.
A selector such as "do not log RCPT rejects" would be efficient, but
rather heavy handed. Maybe something better would be an ACL control, so
that you could choose when not to log something. For example, you could
then log attempts to relay, but not log dictionary attacks on unknown
users. Noted for thinking about.
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book
