Re: [exim] automatically blacklisting clients that fail SMTP…

Top Page
Delete this message
Reply to this message
Author: WJCarpenter
Date:  
To: Exim Mailing List
Subject: Re: [exim] automatically blacklisting clients that fail SMTP authentication

> . using fail2ban


I second the idea of using fail2ban (or something similar). It's
completely non-invasive.

It can be a slight inconvenience if you have users behind NAT firewalls
coming to your server (which includes most home routers). One clumsy
person mistyping a webmail password a couple of times looks out
everybody using that shared public IP address. OTOH, fail2ban is
tunable and is typically configured to only block the IP address for
10-20 minutes. That's enough to turn back most attacking bots (or at
least give your machine a rest) and tolerable for the false alarm cases.