Re: [exim] rejecting dictionary attacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dave Evans
Date:  
À: oliver howe
CC: exim-users
Sujet: Re: [exim] rejecting dictionary attacks
On Tue, Sep 19, 2006 at 10:40:56AM +0100, oliver howe wrote:
>
>
> I have the following check for valid users in my configure file in the Routers section
>
> check_valid_user:
> driver = redirect
> domains = mydomain.co.uk
> require_files = !${perl {get_user_dir}{$local_part}{$domain}}
> condition = ${if exists {perl {get_user_dir}{$local_part}{$domain}} {yes} fail}
> data = :blackhole:


Conventional wisdom would be to arrange for your router to only accept valid
users in the first place, then add "require verify = recipient" in your "rcpt"
ACL. Then you don't need to handle all those bounce messages.

> If I try and accept all such messages and bounce back a "unknown local-part
> in domain" error message then the rest of my network will grind to a halt.


Ouch! Yes, that's why most people don't do that.

--
Dave Evans
Power Internet

PGP key: http://powernet.co.uk/~davide/pgpkey