Hi Dean,
This sounds really good.
Could you please describe how this works? For example: after 15 failures the
client is blocked for 2 hours.
If you don't mind, a sample configuration file would be really helpful.
Thank you very much.
Regards
Torsten
Dean Brooks wrote:
>
> Here's what we use to automatically control failed authentication
> attempts.
> If you have this in place, your server will automatically begin rejecting
> hosts that send repeated auth failure attempts.
>
> You can change the BADAUTH_LIMIT macro to any rate you like, but we use
> 15 failed attempts in 2 hours as the threshold.
>
> In the global config section of your config:
>
> BADAUTH_LIMIT = 15 / 2h
>
> acl_smtp_connect = check_connection
> acl_smtp_quit = check_quit
> acl_smtp_notquit = check_notquit
>
> In the ACL section of your config:
>
> check_connection:
>   drop message   = Too many failed authentication attempts
>        ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address
>
> check_quit:
>   accept condition = ${if eq{$authentication_failed}{1}}
>          ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>
> check_notquit:
>   accept condition = ${if eq{$authentication_failed}{1}}
>          ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>
> We need the rate limiting portion in BOTH the "quit" and "notquit" sections
> for this to work properly, as you don't know how the connection will
> end up closing.
>
> You also don't want to put the rate limiting in the RCPT or DATA section,
> because the connection will never get that far (they haven't authenticated!).
> You can't put it in the MAIL section either because, again, they haven't
> authenticated.
>
> Thought someone else might find this useful. Rate limits are fun. :)
>
> --
> Dean Brooks
> dean@???
>
--
View this message in context:
http://www.nabble.com/Drop-smtp-connection-before-authentication-tp24569739p26083523.html
Sent from the Exim Users mailing list archive at Nabble.com.
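Torsten's reading of "15 / 2h" as a counter plus a fixed block time is a natural one, but Exim's ratelimit condition measures a smoothed rate, so what actually happens depends on how the failures are spaced and on the leaky/strict option. The following is an added example, not code from the original message or from Exim itself: a Python model of the three ACLs in the quoted configuration, with the per-key state kept in a dict instead of Exim's hints database and the update rule modelled on the exponentially weighted moving average that Exim's ratelimit condition computes. The client address 203.0.113.7 and the session timings are constructed. It goes beyond the quoted case by replaying failures at several spacings and by measuring how long a burst-blocked host stays dropped. Treat the exact edge values as an approximation and confirm them against the Exim version you run (exim -d+acl prints the computed rate).

```python
"""Model of the Exim ratelimit condition as used by the quoted BADAUTH_LIMIT config.

Constructed example, not Exim's own code: state is kept in a dict instead of
Exim's hints database, and the update rule is modelled on the exponentially
weighted moving average (EWMA) that Exim's ratelimit condition computes.
Confirm exact edge behaviour against the Exim version you run.
"""
import math

LIMIT = 15                 # BADAUTH_LIMIT = 15 / 2h from the quoted configuration
PERIOD = 2 * 3600          # the 2h period, in seconds
ATTACKER = "203.0.113.7"   # constructed client address (documentation range)


class RateLimiter:
    """Per-key smoothed rate in events per PERIOD, as ratelimit measures it."""

    def __init__(self, limit=LIMIT, period=PERIOD):
        self.limit = float(limit)
        self.period = float(period)
        self.state = {}   # key -> (smoothed rate, time of the last stored update)

    def check(self, key, now, update=True, strict=False, count=1.0):
        """True when `key` is over the limit, i.e. the ACL condition is true.

        update=False models the `noupdate` option: compute but never store.
        strict=True models `strict`; the default (`leaky`) does not store a
        rate that is already over the limit.
        """
        if key not in self.state:
            rate = float(count)            # first event seen for this key
        else:
            prev_rate, prev_time = self.state[key]
            interval = now - prev_time
            # interval measured in periods; clamp so a backwards clock cannot
            # divide by zero or produce a negative weight
            i_over_p = interval / self.period if interval > 0 else 1e-9
            a = math.exp(-i_over_p)        # how much of the old rate survives
            # instantaneous rate of this event, blended with the decayed old rate
            rate = (1 - a) * count / i_over_p + a * prev_rate
        over = rate >= self.limit          # exactly at the limit counts as over
        if update and (strict or not over):
            self.state[key] = (rate, now)
        return over


def run_sessions(sessions, strict=False):
    """Replay SMTP sessions through the three ACLs of the quoted config.

    sessions: iterable of (time_seconds, client_ip, auth_failed).
    Returns "drop" or "accept" for each session, in order.
    """
    rl = RateLimiter()
    outcome = []
    for now, ip, auth_failed in sessions:
        key = "badauth:" + ip
        # check_connection: drop ... ratelimit = BADAUTH_LIMIT / noupdate / key
        if rl.check(key, now, update=False):
            outcome.append("drop")
            continue   # no AUTH was attempted, so the notquit ACL records nothing
        # check_quit / check_notquit: the ratelimit update runs only when the
        # preceding `condition` on $authentication_failed is true
        if auth_failed:
            rl.check(key, now, update=True, strict=strict)
        outcome.append("accept")
    return outcome


def failures_until_drop(spacing, strict=False, tries=40):
    """Failed AUTH sessions from one host, `spacing` seconds apart, that are
    recorded before a connection is dropped at connect time; 0 if never."""
    sessions = [(i * spacing, ATTACKER, True) for i in range(tries)]
    out = run_sessions(sessions, strict=strict)
    return out.index("drop") if "drop" in out else 0


def seconds_until_unblocked(burst=16, spacing=1.0, strict=False):
    """After `burst` failures `spacing` seconds apart, seconds of silence until
    the host's connections stop being dropped (checked in 10 s steps)."""
    rl = RateLimiter()
    key = "badauth:" + ATTACKER
    for i in range(burst):
        rl.check(key, i * spacing, update=True, strict=strict)
    last = (burst - 1) * spacing
    t = last
    while rl.check(key, t, update=False) and t - last < 10 * PERIOD:
        t += 10
    return t - last


if __name__ == "__main__":
    print("failures before drop, 1 s apart:", failures_until_drop(1.0))
    print("failures before drop, 5 min apart:", failures_until_drop(300.0))
    print("failures before drop, 10 min apart:", failures_until_drop(600.0))
    print("leaky: seconds until unblocked after a 16-burst:", seconds_until_unblocked())
    print("strict: seconds until unblocked after a 16-burst:",
          seconds_until_unblocked(strict=True))
```

Two things the replay makes visible. First, the limit is a rate, not a counter: a burst of failures one second apart is dropped at the 16th connection, failures five minutes apart are tolerated for 23 attempts, and one failure every ten minutes (12 per two hours) is never dropped at all. Second, with the default leaky mode that the quoted config uses, the recorded rate stops being updated once the host is over the limit, so a burst-blocked host is let back in after minutes of silence rather than two hours; adding the `strict` option to the quit/notquit ratelimit keeps counting and lengthens the block. Also note the condition ordering in check_quit and check_notquit: Exim evaluates the conditions on a verb in order and stops at the first false one, which is why the `condition` on $authentication_failed must precede `ratelimit`, otherwise every clean session would also be counted.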