Author: Cyborg Date: To: exim-users Subject: Re: [exim] Stopping Bruteforceattacks
Am 25.07.2012 13:05, schrieb Dr Andrew C Aitchison: >
>>> 2012-07-25 07:09:11 no IP address found for host
>>> static-216-214-153-238.isp.broadviewnet.net (during SMTP connection
>>> from [216.214.153.238])
>>> 2012-07-25 07:09:11 plain authenticator failed for ([192.168.0.232])
>>> [216.214.153.238]: 535 Incorrect authentication data (set_id=aidan)
>
> Maybe I'm misreading the logs, but isn't 192.168.0.232
> the HELO/EHLO address ? In which case the rogue machine is on a
> private network belonging
> to a broadviewnet customer and somewhere behind 216.214.153.238 ?
>
it is.
Which ACL is controlling the message : "535 Incorrect authentication
data" *?*