On Tue, Feb 4, 2014 at 5:42 AM, <Lena@???> wrote:
>> From: Todd Lyons
>
>> > https://github.com/Exim/exim/wiki/BlockCracking
>>
>> Lena, exim 4.82 contains a new expansion $authenticated_fail_id which
>> you might be able to use in your smtp_quit and smtp_not_quit ACL's to
>> further refine which connections get used as input to the blocking
>> logic.
>
> 4.82 has also ${acl{ expansion item. I use it in current version
> of the code at the above URL. $authenticated_fail_id contains username only.
> Using ${acl{ , I grab password too (in PLAIN and LOGIN authenticators).
> So, the current version of my code can distinguish the same wrong password
> tried multiple times (benign) from trying multiple passwords
> for the same username (cracking attempt).
> Current version of my code does all that with both PLAIN and LOGIN.
Very nice, I had not checked the wiki to see if it was updated. I am
updating my servers now!
...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
