Re: [exim] script execution in case of 535 Incorrect authent…

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] script execution in case of 535 Incorrect authentication data ?
On 11/08/14 10:32, Cyborg wrote:
> is it possible to add a ${run{}} ( of any sort ) in case a 535 message
> is generated ?
>
> Example:
>
> 2014-08-11 11:01:13 LOGIN authenticator failed for (ylmf-pc)
> [58.61.70.235]: 535 Incorrect authentication data (set_id=failed)
>
> Those messages get produced by brute forcers.
>
> What i need is an execution of a script to add them the attackers
> database, like this:
>
> condition = ${run{/java/rdt/tools/addspammer
> $sender_host_address}{yes}{$value}}


[ talking direct to a DB might be cleaner ]

http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthexiser

"Exim runs the ACL specified by acl_smtp_auth in order to decide whether
to accept the command."

So if you configure to have this ACL deciding the (failure to)
authenticate, it can do what you want at that time.


See also https://github.com/Exim/exim/wiki/BlockCracking

--
Cheers,
Jeremy