Re: [exim] Drop smtp connection before authentication

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Exim Mailing List
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Drop smtp connection before authentication
On Wed, Oct 28, 2009 at 01:00:42PM +0000, Mike Cardwell wrote:
> > Dean Brooks wrote:
> >> Here's what we use to automatically control failed authentication
> >> attempts.
>
> If a client makes a single connection to your SMTP server then makes a
> million attempts to authenticate using different credentials each time,
> wouldn't that only increment the ratelimit value by 1 as it only
> increments the value on Exit... Eg, in the following example I make
> three different authentication failures but only quit once:


Took me a few minutes to remember why this wasn't a problem and finally
remembered.

A failed auth attempt counts as a "non-mail" command and increments
the counter against the global "smtp_accept_max_nonmail" setting.
It defaults to 10 but we have it set to "3" on our system:

smtp_accept_max_nonmail = 3

So, essentially, they can at most execute 3 attempts per connection
and a maximum of 15 connection failures using the ratelimits.
Essentially up to 45 failed auth attempts.

--
Dean Brooks
dean@???