[exim] Detecting authentication failures

Author: Luca Bertoncello
Date:  
To: Exim-Users ML
Subject: [exim] Detecting authentication failures
Hi, list!

I can see every day in the exim_mainlog that someone tries to authenticate on
my system, with invalid usernames and (of course!) passwords.

I know for sure that this is an attack.

Now I'd like to write a little system to deny the connection for the hosts
that tried to attack me.

To implement this daemon is very simple, maybe directly in the ACL for
HELO/EHLO.

But I need to save in a DB (in real time, of course!) the IPs of the hosts
that attack me...

I'm sure Exim can do some actions when the authentication fails and my idea
was to call a Perl script that counts the failures for the IP and, when they
reach a value, inserts the IP in my Blacklist.

Now the problem: I have no idea WHICH Exim-ACL will be called after the auth
process...

Could someone help me?

Thanks
--
_______________________________
Luca Bertoncello
-Programmierung / Mailserver-

IMS Internet-Media-Service GmbH
Bayrische Str. 18
01069 Dresden

Geschäftsführer: Axel C.E. Wittig
Registergericht: Amtsgericht Dresden HRB 12 899

Fon: +49 351 2112034
Fax: +49 351 2112020
E-Mail: bertoncello@???
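
Added example, not part of the original post: one way to do the counting step described above, reading mainlog lines and listing IPs that reach a failure threshold inside a time window. The log line shape, the threshold, the window and the names `parse_failure`, `find_offenders` and `SAMPLE_LOG` are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Assumed mainlog shape (not taken from the post):
# "<date> <time> <name> authenticator failed for (<helo>) [<ip>]: 535 ..."
FAILED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\[\d+\] )?\S+ authenticator failed for "
    r".*?\[([0-9A-Fa-f:.]+)\](?::\d+)?: ")

def parse_failure(line):
    """Return (timestamp, ip) for an authentication-failure line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    try:
        ip = ip_address(m.group(2))  # discard text that is not a valid address
    except ValueError:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), str(ip)

def find_offenders(lines, threshold=3, window=timedelta(minutes=10), allow=()):
    """IPs with at least `threshold` failures inside one sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = []
    for line in lines:
        hit = parse_failure(line)
        if hit is None or hit[1] in allow:  # never list allow-listed hosts
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders.append(ip)
    return offenders

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = [
    "2024-05-01 10:00:01 login authenticator failed for (mail.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=admin)",
    "2024-05-01 10:00:40 login authenticator failed for (mail.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=test)",
    "2024-05-01 10:01:05 1abcDE-0001-AB <= user@example.org H=(client.example) [198.51.100.7] P=esmtpsa",
    "2024-05-01 10:02:10 plain authenticator failed for ([10.0.0.5]) [192.0.2.10]:51514: 535 Incorrect authentication data (set_id=info)",
    "2024-05-01 10:03:00 plain authenticator failed for (laptop) [203.0.113.9]: 535 Incorrect authentication data (set_id=user)",
    "2024-05-01 11:30:00 plain authenticator failed for (laptop) [203.0.113.9]: 535 Incorrect authentication data (set_id=user)",
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

The HELO name and `set_id` in these lines are supplied by the client, so check the pattern against your own log format before feeding its output into a blacklist, and pass your own relays in `allow`.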