Re: [exim] Drop smtp connection before authentication

Author: Exim Mailing List
Date:  
To: exim-users
Subject: Re: [exim] Drop smtp connection before authentication
On Wed, Oct 28, 2009 at 01:00:42PM +0000, Mike Cardwell wrote:
> > Dean Brooks wrote:
> >> Here's what we use to automatically control failed authentication
> >> attempts.
>
> If a client makes a single connection to your SMTP server then makes a
> million attempts to authenticate using different credentials each time,
> wouldn't that only increment the ratelimit value by 1 as it only
> increments the value on Exit... Eg, in the following example I make
> three different authentication failures but only quit once:
Took me a few minutes to remember why this wasn't a problem and finally
remembered.

A failed auth attempt counts as a "non-mail" command and increments
the counter against the global "smtp_accept_max_nonmail" setting.
It defaults to 10 but we have it set to "3" on our system:

smtp_accept_max_nonmail = 3

So, essentially, they can at most execute 3 attempts per connection
and a maximum of 15 connection failures using the ratelimits.
Essentially up to 45 failed auth attempts.

--
Dean Brooks
dean@???
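As an added example, not from the thread, the following Python snippet counts per-host authentication failures and "too many nonmail commands" drops from Exim mainlog lines, so an operator can see the smtp_accept_max_nonmail cap being hit. The log lines are constructed to resemble Exim's mainlog format (an assumption, not a real capture), and the thresholds default to the values Dean describes.

```python
import re
from collections import Counter

# Constructed sample lines modelled on Exim mainlog entries (not a real capture).
SAMPLE_LOG = """\
2009-10-28 13:00:40 login authenticator failed for (bad.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=alice)
2009-10-28 13:00:41 login authenticator failed for (bad.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=bob)
2009-10-28 13:00:42 login authenticator failed for (bad.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=carol)
2009-10-28 13:00:42 SMTP call from (bad.example) [192.0.2.10] dropped: too many nonmail commands (last was "AUTH")
2009-10-28 13:01:05 login authenticator failed for (laptop.example) [198.51.100.7]: 535 Incorrect authentication data (set_id=dave)
2009-10-28 13:01:30 1N3JOa-0001xy-Ab <= dave@example.org H=(laptop.example) [198.51.100.7] P=esmtpa A=login:dave S=1234
"""

# Assumed patterns: an auth failure line and a nonmail-cap drop line, each carrying the peer IP in [...].
AUTH_FAIL = re.compile(r"authenticator failed for .*?\[([0-9a-fA-F.:]+)\]")
NONMAIL_DROP = re.compile(
    r"SMTP call from .*?\[([0-9a-fA-F.:]+)\] dropped: too many nonmail commands"
)


def summarise(log_text):
    """Return (auth_failures, nonmail_drops), each a Counter keyed by peer IP."""
    fails, drops = Counter(), Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            fails[m.group(1)] += 1
            continue
        m = NONMAIL_DROP.search(line)
        if m:
            drops[m.group(1)] += 1
    return fails, drops


def suspicious_hosts(log_text, max_nonmail=3, max_drops=1):
    """Hosts that were dropped for exceeding the nonmail cap, or whose auth
    failures reached the per-connection cap (3 in Dean's configuration)."""
    fails, drops = summarise(log_text)
    return sorted(
        h for h in set(fails) | set(drops)
        if drops[h] >= max_drops or fails[h] >= max_nonmail
    )


if __name__ == "__main__":
    fails, drops = summarise(SAMPLE_LOG)
    for host in suspicious_hosts(SAMPLE_LOG):
        print(f"{host}: {fails[host]} auth failures, {drops[host]} nonmail drops")
```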