Re: [exim] Stopping Bruteforceattacks

Pàgina inicial
Delete this message
Reply to this message
Autor: Cyborg
Data:  
A: exim-users
Assumpte: Re: [exim] Stopping Bruteforceattacks

Am 25.07.2012 17:25, schrieb Duane Hill:
>> If i understood it correctly, this will create a file for each blocked
>> ip and check later if it exists.
> Incorrect. Only one file is used. Notice the double '>>'. Each IP is
> written to 'blocked_IPs'. I lookup is done somewhere else (I use the
> connect ACL).
>


acl_check_connect:
   drop  message = $sender_host_address locally blacklisted for a bruteforce \
                   auth (login+password) cracking attempt
         condition = ${if exists{$spool_directory/blocked_IPs}}
         condition = ${lookup{$sender_host_address}lsearch\
                     {$spool_directory/blocked_IPs}{1}{0}}



IMHO, that's even worse IO wise :(

Marius