On 11/08/14 10:32, Cyborg wrote:
> is it possible to add a ${run{}} ( of any sort ) in case a 535 message
> is generated ?
>
> Example:
>
> 2014-08-11 11:01:13 LOGIN authenticator failed for (ylmf-pc)
> [58.61.70.235]: 535 Incorrect authentication data (set_id=failed)
>
> Those messages get produced by brute forcers.
>
> What i need is an execution of a script to add them the attackers
> database, like this:
>
> condition = ${run{/java/rdt/tools/addspammer
> $sender_host_address}{yes}{$value}}
[ talking direct to a DB might be cleaner ]
http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthexiser
"Exim runs the ACL specified by acl_smtp_auth in order to decide whether
to accept the command."
So if you configure to have this ACL deciding the (failure to)
authenticate, it can do what you want at that time.
See also
https://github.com/Exim/exim/wiki/BlockCracking
--
Cheers,
Jeremy
