Author: W B Hacker Date: To: exim users Subject: Re: [exim] Drop smtp connection before authentication
Edison F Carbol wrote: > Hi,
>
> Is it possible to drop smtp connection before authentication per username?
>
> My server is congested with many attempts to authenticate with a deleted
> account.
>
> Thanks,
>
>
> Edison
>
>
Easily.
However .....
unless those unwanted attempts have characteristics, such as arriving from the
same IP, wherein no other active account might also exist, (old/new,
husband/wife) or at least from the same 'pool' of IP, such as a
dynamically-assigned 'connectivity' ISP user community, wherein you have
*neither* a valid user, *nor* a potential 'proper' correspondent MTA
-- in which case you can reject on source IP or source CIDR range either in
Exim's 'connect' phase or just a bit later, (or even in a firewall ahead of Exim...)
-- in any other case, you will have to do enough 'qualifying' to prevent harm to
other arrivals...
...that you might just as well let the authorization fail.
You could be saving the 'cost' of setting-up an encrypted session and doing some
form of DB lookup to fail the auth so it IS worth the attempt.
Personally, I'd be tempted to divert the connection and sort of tarpit it,
and/or allow a POP/IMAP read connection and pop a 'no longer active' notice into
his 'Mailbox' (or known forwarding address) each time he makes an attempt to
auth onto Exim for sending.
That might motivate the former user to change the MUA settings that are trying
to automagically log in to the dead account.
