Re: [exim] script execution in case of 535 Incorrect authent…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Jeremy Harris
Fecha:  
A: exim-users
Asunto: Re: [exim] script execution in case of 535 Incorrect authentication data ?
On 11/08/14 10:32, Cyborg wrote:
> is it possible to add a ${run{}} ( of any sort ) in case a 535 message
> is generated ?
>
> Example:
>
> 2014-08-11 11:01:13 LOGIN authenticator failed for (ylmf-pc)
> [58.61.70.235]: 535 Incorrect authentication data (set_id=failed)
>
> Those messages get produced by brute forcers.
>
> What i need is an execution of a script to add them the attackers
> database, like this:
>
> condition = ${run{/java/rdt/tools/addspammer
> $sender_host_address}{yes}{$value}}


[ talking direct to a DB might be cleaner ]

http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthexiser

"Exim runs the ACL specified by acl_smtp_auth in order to decide whether
to accept the command."

So if you configure to have this ACL deciding the (failure to)
authenticate, it can do what you want at that time.


See also https://github.com/Exim/exim/wiki/BlockCracking

--
Cheers,
Jeremy