Re: [exim] automatically blacklisting clients that fail SMTP…

Author: Dennis Davis
Date:  
To: exim-users
Old subjects: [exim] automatically blacklisting clients that fail SMTP authentication
Subject: Re: [exim] automatically blacklisting clients that fail SMTP authentication
On Tue, 7 Jun 2011, lee wrote:

> From: lee <lee@???>
> To: exim-users <exim-users@???>
> Date: Tue, 7 Jun 2011 22:26:38
> Subject: [exim] automatically blacklisting clients that fail SMTP
>     authentication

>
> is it possible to automatically blacklist clients that repeatedly fail
> SMTP authentication? And if so, how is it done?


These are known as "brute-force" attacks. Attacks on ssh connections
are the most frequent.

This, and similar requests, come up at infrequent intervals. For
example, see:

http://lists.pcre.org/lurker/message/20110128.171221.7fdc8151.nl.html

Others have suggested fail2ban. That will also do the job; we use
it here to block ssh "brute-force" attacks on Linux boxes. And
another python script:

http://denyhosts.sourceforge.net/

to block ssh "brute-force" attacks on Solaris boxes.

I quite like using sshguard:

http://www.sshguard.net/

Looks like sshguard will protect exim services.

As noted elsewhere in this chain, you may need to carefully consider
whitelisting particular hosts, IP ranges.  Otherwise you may find
hosts being blocked when it really isn't a good idea to do so.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101
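
The approach discussed in this message (count repeated SMTP authentication failures per client and skip whitelisted hosts and ranges) as an added Python example; it is not part of the original message and is not code from fail2ban, DenyHosts or sshguard. The log lines are constructed in the usual Exim main-log shape for authenticator failures, and the function name, threshold and time window are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Exim main-log authenticator failure (assumed format). The optional host name
# and the parenthesised HELO are skipped so that only the bracketed peer
# address is captured; the HELO string is chosen by the client.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for "
    r"(?:[^\[( ]+ )?(?:\(\S*\) )?\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)?"
    r"(?: I=\[\S+\](?::\d+)?)?: 535 "
)

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    "2011-06-07 22:26:38 plain authenticator failed for (x) [203.0.113.9]: 535 Incorrect authentication data (set_id=lee)",
    "2011-06-07 22:26:40 login authenticator failed for (pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=a)",
    "2011-06-07 22:26:41 login authenticator failed for (pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=a)",
    "2011-06-07 22:26:45 plain authenticator failed for ([192.0.2.10]) [203.0.113.9]: 535 Incorrect authentication data",
    "2011-06-07 22:26:47 login authenticator failed for (pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=a)",
    "2011-06-07 22:27:02 plain authenticator failed for (x) [203.0.113.9]:40112: 535 Incorrect authentication data",
    "2011-06-07 22:30:00 plain authenticator failed for mail.example.net (mail) [198.51.100.7]: 535 Incorrect authentication data",
    "2011-06-07 22:50:00 plain authenticator failed for mail.example.net (mail) [198.51.100.7]: 535 Incorrect authentication data",
    "2011-06-07 23:10:00 plain authenticator failed for mail.example.net (mail) [198.51.100.7]: 535 Incorrect authentication data",
]

def offenders(lines, whitelist, max_fail=3, window=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_fail within window}."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    recent, blocked = defaultdict(deque), {}
    for line in lines:  # lines are assumed to be in chronological order
        m = AUTH_FAIL.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # bracketed text that is not a valid address
            continue
        if any(ip in n for n in nets) or str(ip) in blocked:
            continue  # whitelisted hosts and ranges are never counted
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_fail:
            blocked[str(ip)] = ts
    return blocked
```

With `192.0.2.0/24` whitelisted only 203.0.113.9 is reported, even though one of its attempts sent a whitelisted address as its HELO; 198.51.100.7 fails three times but never within one window.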