Re: [exim] Stopping Bruteforceattacks

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Cyborg
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Stopping Bruteforceattacks

Am 25.07.2012 17:25, schrieb Duane Hill:
>> If i understood it correctly, this will create a file for each blocked
>> ip and check later if it exists.
> Incorrect. Only one file is used. Notice the double '>>'. Each IP is
> written to 'blocked_IPs'. I lookup is done somewhere else (I use the
> connect ACL).
>


acl_check_connect:
   drop  message = $sender_host_address locally blacklisted for a bruteforce \
                   auth (login+password) cracking attempt
         condition = ${if exists{$spool_directory/blocked_IPs}}
         condition = ${lookup{$sender_host_address}lsearch\
                     {$spool_directory/blocked_IPs}{1}{0}}



IMHO, that's even worse IO wise :(

Marius