Re: [exim] Detecting authentication failures

Top Page
Delete this message
Reply to this message
Author: Dave Evans
Date:  
To: Exim-Users ML
Subject: Re: [exim] Detecting authentication failures
On Mon, Mar 19, 2007 at 11:20:34AM +0100, Luca Bertoncello wrote:
> But I need to save in a DB (in real time, of course!) the IPs of the hosts
> that attack me...
>
> I'm sure, Exim can do some actions when the authentication fails and my idea
> was to call a PERL script that count the fails for the IP and, when they
> reach a value, inserts the IP in my Blacklist.
>
> Now the problem: I have no idea WHICH Exim-ACL will be called after the auth
> process...
>
> Could someone help me?


We've implemented something similar by having server_condition run some ${perl
...}. As it happens, in our case we were already using ${perl...} to perform
the authentication check, so we just modified the Perl code that was run.

In the general case, you could just modify server_condition so that, as a
side-effect of failing (i.e. when it's about to fail), it uses ${perl or ${run
or something else which does whatever you want it to.

AFAIK there is no ACL.

Hope this helps,

--
Dave Evans
Power Internet
http://www.powernet.co.uk/~davide/about-powernet.txt