[exim] rejecting dictionary attacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: oliver howe
Date:  
À: exim-users
Sujet: [exim] rejecting dictionary attacks


I have the following check for valid users in my configure file in the Routers section

check_valid_user:
driver = redirect
domains = mydomain.co.uk
require_files = !${perl {get_user_dir}{$local_part}{$domain}}
condition = ${if exists {perl {get_user_dir}{$local_part}{$domain}} {yes} fail}
data = :blackhole:

It uses perl to check they are valid on the system as the mail server punts the messages on to a different server that contains the actual mail directories. It works really well (has discarded over 200,000 messages so far today alone). Can I add anything to this router so that if it sees many such messages from the same host then it will ignore that host in future?

If I try and accept all such messages and bounce back a "unknown local-part in domain" error message then the rest of my network will grind to a halt.

Thanks,

Oliver


--


Oliver Howe
Senior Systems Administrator

Tel: +44 (0) 20 7664 7811
Fax: +44 (0) 20 7664 7878

Spider Networks - the power behind interactive web communications - www.spider-networks.net


--
Confidentiality Notice: This email is confidential and may also be privileged. If you are not the intended recipient, please notify the sender IMMEDIATELY; you should not copy the email or use it for any purpose or disclose its contents to any other person. General Statement: Any statements made, or intentions expressed in this communication, may not necessarily reflect the view of Spider Networks, that no content herein may be held binding upon Spider Networks or any associate or any associated company unless confirmed by the issuance of a formal contractual document or purchase order.