On 2013-06-29, Todd Lyons <tlyons@???> wrote:
> On Sat, Jun 29, 2013 at 5:24 AM, <Lena@???> wrote:
>>
>> How to block stolen passwords automatically:
>> https://github.com/Exim/exim/wiki/BlockCracking
>
> Lena, one corner case of this is when a legitimate user has one device
> with the wrong password. Picture a typical small office where two or
> three people using a small NAT router to connect to their business
> class DSL. One person changes their password and they fix it on their
> iphone because they have to leave to go do something. They leave.
> Their outlook is still open on their computer and someone comes by to
> check something in the email. Outlook doesn't seem to be working
> right so they hit the Send/Receive button multiple times. On the exim
> server, the limit for bad user/pass combination gets hit and the ip
> gets added to the blacklist. Now the whole office is blocked from
> sending email.
>
> I'd like to ponder if there is a way to detect that the same incorrect
> password is being sent over and over (indicating a misconfigured
> device) as opposed to random passwords (indicating brute forcing).
In general no.
In the special case where you have disabled the secure authentication
methods (CRAM-MD5 etc...) then yes.
--
⚂⚃ 100% natural
