Re: [exim] script execution in case of 535 Incorrect authent…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Sujet: Re: [exim] script execution in case of 535 Incorrect authentication data ?
On 11/08/14 10:32, Cyborg wrote:
> is it possible to add a ${run{}} ( of any sort ) in case a 535 message
> is generated ?
>
> Example:
>
> 2014-08-11 11:01:13 LOGIN authenticator failed for (ylmf-pc)
> [58.61.70.235]: 535 Incorrect authentication data (set_id=failed)
>
> Those messages get produced by brute forcers.
>
> What i need is an execution of a script to add them the attackers
> database, like this:
>
> condition = ${run{/java/rdt/tools/addspammer
> $sender_host_address}{yes}{$value}}


[ talking direct to a DB might be cleaner ]

http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthexiser

"Exim runs the ACL specified by acl_smtp_auth in order to decide whether
to accept the command."

So if you configure to have this ACL deciding the (failure to)
authenticate, it can do what you want at that time.


See also https://github.com/Exim/exim/wiki/BlockCracking

--
Cheers,
Jeremy