Re: [exim] Drop smtp connection before authentication

Top Page
Delete this message
Reply to this message
Author: Torsten
Date:  
To: Exim Mailing List
Subject: Re: [exim] Drop smtp connection before authentication
Thanks, Dean.
Just to verify that I understood it right. When you define the
"BADAUTH_LIMIT = 15 / 2h", 15 bad logins within 2 hours are accepted
from one IP address. When will the client be able to start a new
authentication again?

Thanks
Torsten
> Well, the configuration is listed in its entirety below actually. Just
> copy/paste each particular portion into the specified section.
>
> Note that I added the following line into the global section below:
>
>    smtp_accept_max_nonmail = 5

>
> That will limit the number of failed auth attempts per connection and
> the BADAUTH_LIMIT macro sets the number of connections that can fail
> due to failed auth.
>
> How does it work? Essentially, when a connection ends, either the
> check_quit or the check_notquit ACL is executed depending upon whether
> it was a graceful disconnection or not. Either way, if it sees that
> authentication failed in any way, it increments the "badauth" counter
> that is keyed to the sender's IP address.
>
> When a new connection comes in, it checks the counter (without updating it)
> to see if the limit has been hit within the BADAUTH_LIMIT timeframe.
>
>
> --
> Dean Brooks
> dean@???
>
>