Re: [exim] Authenticated User Ratelimiting

Author: Chris Wilson
Date:  
To: Grant Peel
CC: exim-users, 'Chris Wilson'
Subject: Re: [exim] Authenticated User Ratelimiting
Hi Grant,

On Mon, 21 Oct 2013, Grant Peel wrote:

> 1) My config seems to me to be quite complex and as such I don't want to
> break it, where in the ACL_CHECK_AUTH list should I place the paragraph? I
> am guessing right at the start....

Since the other two statements are drop statements, it doesn't matter that
much. Tempfailing the attackers could waste more of their time, and your
server's resources. Swings and roundabouts. But it won't break anything if
you put it at the end.

> 2) Is the Auth 'per authenticated user' per IP address? i.e. I don't want to
> block a specific IP for all users due to 1 user's overage ... hope I worded
> that question correctly.

I think what you mean is that if one user on a specific IP address
authenticates too many times, then you don't want to lock out all other
users on the same IP address. You can do that, but it means that an
attacker can try lots of different usernames with the same password
without triggering the ratelimit.

To do it anyway, change the key from "$sender_host_address" to
"$sender_host_address:$authenticated_id".

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig@???> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
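The two keys Chris contrasts, shown side by side as an added Exim ACL fragment (constructed for illustration, not Grant's config or the paragraph the thread refers to). It assumes the per-IP counter sits in the AUTH ACL and the per-IP-and-user counter in the MAIL ACL, because $authenticated_id is only populated once an AUTH has succeeded; the limits and messages are placeholders.

```exim
# Constructed example: main-section hooks for the two ACLs below.
acl_smtp_auth = acl_check_auth
acl_smtp_mail = acl_check_mail

begin acl

acl_check_auth:
  # Key = client IP only. Coarse: one client hammering AUTH from a NAT
  # address tempfails every user behind it, but an attacker cycling
  # through usernames from that address is counted as one source.
  # $authenticated_id is not yet set here; this ACL runs on the AUTH
  # command, before the credentials are checked.
  defer   message   = Too many AUTH attempts from $sender_host_address, try later
          ratelimit = 30 / 1h / per_cmd / strict / $sender_host_address
  accept

acl_check_mail:
  # Key = client IP plus authenticated user. One user's overage no longer
  # blocks other users on the same address, at the cost Chris describes:
  # each username gets its own bucket, so username guessing from one
  # address is spread across many counters instead of one.
  defer   authenticated = *
          message   = Sending rate exceeded for $authenticated_id, try later
          ratelimit = 200 / 1h / per_mail / strict / $sender_host_address:$authenticated_id
  accept
```

Keeping the per-IP counter in place alongside the per-user one means the finer key relaxes lockouts for legitimate shared addresses without giving up the coarse limit entirely.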