Re: [exim] Drop smtp connection before authentication

Author: Totty
Date:  
To: exim-users
Old-Topics: Re: [exim] Drop smtp connection before authentication
Subject: Re: [exim] Drop smtp connection before authentication

Hi Dean,

This sounds really good.
Could you please describe how this works? For example: after 15 failures the
client is blocked for 2 hours.
If you don't mind, a sample configuration file would be really helpful.
Thank you very much.

Regards
Torsten


Dean Brooks wrote:
>
> Here's what we use to automatically control failed authentication
> attempts.
> If you have this in place, your server will automatically begin rejecting
> hosts that send repeated auth failure attempts.
>
> You can change the BADAUTH_LIMIT macro to any rate you like, but we use
> 15 failed attempts in 2 hours as the threshold.
>
> In the global config section of your config:
>
>    BADAUTH_LIMIT = 15 / 2h
>
>    acl_smtp_connect = check_connection
>    acl_smtp_quit = check_quit
>    acl_smtp_notquit = check_notquit
>
> In the ACL section of your config:
>
>    check_connection:
>        drop message   = Too many failed authentication attempts
>             ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address
>
>    check_quit:
>        accept condition = ${if eq{$authentication_failed}{1}}
>               ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>
>    check_notquit:
>        accept condition = ${if eq{$authentication_failed}{1}}
>               ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>
> We need the rate limiting portion in BOTH the "quit" and "notquit" sections
> for this to work properly, as you don't know how the connection will
> end up closing.
>
> You also don't want to put the ratelimiting in the RCPT or DATA section,
> because the connection will never get that far (they haven't
> authenticated!).
> You can't put it in the MAIL section either because, again, they haven't
> authenticated.
>
> Thought someone else might find this useful. Rate limits are fun. :)
>
> --
> Dean Brooks
> dean@???
>


--
View this message in context: http://www.nabble.com/Drop-smtp-connection-before-authentication-tp24569739p26083523.html
Sent from the Exim Users mailing list archive at Nabble.com.
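To make the behaviour of the quoted configuration concrete, the following is an added Python model of how the three ACLs interact with the ratelimit database. It is not Exim code and is not from Dean's or Totty's posts. The smoothing follows the exponentially weighted moving average that Exim's ratelimit condition uses (decay the stored rate, add a weight for the current event), a rate at or above the limit counts as over it, and in the default leaky mode the database is only written while the client is under the limit. The treatment of a never-seen key (first event counts as a rate of 1.0), the sample address 192.0.2.10 and the 10-second spacing between failures are assumptions of the model, not facts from the thread.

```python
import math
from typing import Dict, List, Tuple

PERIOD = 2 * 3600  # "2h" in BADAUTH_LIMIT = 15 / 2h
LIMIT = 15.0       # "15" in BADAUTH_LIMIT = 15 / 2h


class RatelimitDb:
    """Per-key smoothed rate, modelled on Exim's ratelimit ACL condition.

    Each key (here badauth:<ip>) holds the time of its last write and an
    exponentially weighted moving average of events per PERIOD.  A computed
    rate at or above the limit means "over the limit".  In leaky mode (the
    default) the entry is only written while the client is under the limit,
    so a client that keeps hammering does not push the stored rate higher.
    Model assumption: a key seen for the first time starts at rate 1.0.
    """

    def __init__(self, limit: float, period: float, strict: bool = False) -> None:
        self.limit = limit
        self.period = period
        self.strict = strict
        self.entries: Dict[str, Tuple[float, float]] = {}  # key -> (last_time, rate)

    def _compute(self, key: str, now: float) -> float:
        entry = self.entries.get(key)
        if entry is None:
            return 1.0  # model assumption: the first event counts as one
        last, rate = entry
        interval = max(now - last, 1e-9)
        i_over_p = interval / self.period
        a = math.exp(-i_over_p)
        # Decay the old rate by a and add this event's weight (1 - a) / i_over_p,
        # which is close to 1 for events that arrive within one period of each
        # other and close to 0 for events that are many periods apart.
        return (1.0 - a) / i_over_p + a * rate

    def check(self, key: str, now: float, noupdate: bool = False) -> Tuple[bool, float]:
        """Return (over_limit, computed_rate); write the entry unless noupdate."""
        rate = self._compute(key, now)
        over = rate >= self.limit
        if not noupdate and (self.strict or not over):
            self.entries[key] = (now, rate)
        return over, rate


def check_connection(db: RatelimitDb, ip: str, now: float) -> str:
    # acl_smtp_connect: "drop ... ratelimit = BADAUTH_LIMIT / noupdate / badauth:$ip"
    # noupdate: the rate is computed but nothing is written, so merely
    # connecting never counts against a client.
    over, _ = db.check(f"badauth:{ip}", now, noupdate=True)
    return "drop" if over else "accept"


def check_quit(db: RatelimitDb, ip: str, now: float, authentication_failed: bool) -> None:
    # acl_smtp_quit / acl_smtp_notquit: only a session in which AUTH failed
    # updates the rate, whichever way the connection ends.
    if authentication_failed:
        db.check(f"badauth:{ip}", now)


def run_scenario(failures: int, spacing: float = 10.0) -> dict:
    """Simulate `failures` sessions that each fail AUTH, `spacing` seconds apart.

    Returns the connect verdict before each session, the verdict for a connect
    right after the burst, the verdict a day later, and the stored rate.
    """
    db = RatelimitDb(LIMIT, PERIOD)
    ip = "192.0.2.10"  # constructed sample address (RFC 5737 TEST-NET-1)
    key = f"badauth:{ip}"
    t = 0.0
    during: List[str] = []
    for _ in range(failures):
        during.append(check_connection(db, ip, t))
        check_quit(db, ip, t, authentication_failed=True)
        t += spacing
    return {
        "during": during,
        "after_burst": check_connection(db, ip, t),
        "after_day": check_connection(db, ip, t + 86400),
        "stored_rate": db.entries[key][1],
    }


if __name__ == "__main__":
    for n in (14, 15, 20):
        r = run_scenario(n)
        print(f"{n} failures: stored={r['stored_rate']:.2f} "
              f"after_burst={r['after_burst']} after_day={r['after_day']}")
```

With failures ten seconds apart, fourteen failed sessions leave the client just under the limit and the next connect is accepted, fifteen push the next connect's computed rate over 15 and it is dropped, and after a day idle the rate has decayed and the client is accepted again. Because the connect ACL uses noupdate, a dropped connection does not itself extend the penalty, and in leaky mode the stored rate stays below the limit no matter how many further failures arrive; strict mode would keep writing and lengthen the block for persistent clients.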