Re: [exim] Stopping Bruteforceattacks

Top Page
Delete this message
Reply to this message
Author: Terry
Date:  
To: exim-users
Subject: Re: [exim] Stopping Bruteforceattacks
On 25/07/2012 07:33, Lena@??? wrote:
> From: Cyborg <cyborg2@???>
>
> does anyone have a working solution for this :
>
> 2012-07-25 07:09:11 plain authenticator failed for ([192.168.0.232])
> [216.214.153.238]: 535 Incorrect authentication data (set_id=aidan)


I use ConfigServer Security & Firewall (CSF). Very simple to set up and
maintain. Low resource usage. http://configserver.com/cp/csf.html

Handles this type of attack well. I've noticed lately that some of the
same IPs that are trying brute force attacks on exim are also targeting
dovecot. CSF deals with these as well. When an IP is blocked, you can
set the options to receive a notification and the notification contains
IP and set-id.

Caveat: I run a very small mailserver (> 100 accounts> so not sure how
it scales.

--
Terry