Re: [exim] Stopping Bruteforceattacks

Inizio della pagina
Delete this message
Reply to this message
Autore: Cyborg
Data:  
To: exim-users
Oggetto: Re: [exim] Stopping Bruteforceattacks
Am 25.07.2012 13:05, schrieb Dr Andrew C Aitchison:
>
>>> 2012-07-25 07:09:11 no IP address found for host
>>> static-216-214-153-238.isp.broadviewnet.net (during SMTP connection
>>> from [216.214.153.238])
>>> 2012-07-25 07:09:11 plain authenticator failed for ([192.168.0.232])
>>> [216.214.153.238]: 535 Incorrect authentication data (set_id=aidan)
>
> Maybe I'm misreading the logs, but isn't 192.168.0.232
> the HELO/EHLO address ? In which case the rogue machine is on a
> private network belonging
> to a broadviewnet customer and somewhere behind 216.214.153.238 ?
>


it is.

Which ACL is controlling the message : "535 Incorrect authentication
data" *?*

it should be possible to add this to the ACL :

condition = ${run{ ...../tools/addspammer
$sender_host_address}{yes}{$value}}

Marius