[...]

Top Page
Delete this message
Reply to this message
Author: nb
Date:  
To: Always Learning
Old-Topics: [exim] AUTH command used when not advertised
New-Topics: Re: [exim] AUTH command used when not advertised
Subject: [...]

Cette notice a iti ajoutie par le systhme d'analyse "SpamAssassin" sur
votre serveur de courrier "colibri.dagami.org", pour vous
aider ` identifier ce type de messages.

Le systhme SpamAssassin ajoute un en-tjte "X-Spam-Flag: YES" aux
messages qu'il considhre comme itant probablement du Spam.
Vous pouvez si vous le souhaitez utiliser cette caractiristique
pour rigler un filtre dans votre logiciel de lecture de courrier,
afin de ditruire ou de classer ` part ce type de message.

Si ce robot a classifii incorrectement un message qui vous itait
destini, ou pour toute question, veuillez contacter l'administrateur
du systhme par e-mail ` @@CONTACT_ADDRESS@@ .

Voir http://spamassassin.apache.org/tag/ pour plus de ditails (en anglais).

 Ditails de l'analyse du message:   (-1.6 points, 3.0 requis)
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -0.6 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain


 -------------------- Fin de Rapport SpamAssassin ---------------------
X-Spam-Score: -2.0 (--)
X-Spam-Status: No, score?.0 required~0 tests?L.438, BAYES_00?.5,
    DNS_FROM_AHBL_RHSBL.231, EXIM_ACL?.2,
    NO_RELAYS?.001 autolearn?m version^1.8
Cc: Exim <exim-users@???>
Subject: Re: [exim] AUTH command used when not advertised
X-BeenThere: exim-users@???
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: A user list for the exim MTA <exim-users.exim.org>
List-Unsubscribe: <https://lists.exim.org/mailman/options/exim-users>,
    <mailto:exim-users-request@exim.org?subject?subscribe>
List-Archive: <https://lists.exim.org/lurker/list/exim-users.html>
List-Post: <mailto:exim-users@exim.org>
List-Help: <mailto:exim-users-request@exim.org?subject?lp>
List-Subscribe: <https://lists.exim.org/mailman/listinfo/exim-users>,
    <mailto:exim-users-request@exim.org?subject?bscribe>
X-List-Received-Date: Sat, 18 Apr 2015 06:31:01 -0000


Hi,

There’s a very good reading about this:
https://github.com/Exim/exim/wiki/BlockCracking

> Le 18 avr. 2015 à 02:46, Always Learning <exim@???> a écrit :
>
>
> Exim 4.72 (Centos 6)
>
>
> A MTA experienced 20 minutes (circa 1,722 attempts) of:
>
> (from logwatch)
>
>     2015-04-17 22:56:16 SMTP protocol error in "AUTH LOGIN"
>     H=(SRV) [88.119.254.244]:50272 I=[xx.xx.xx.xx]:25 AUTH
>     command used when not advertised: 1 Time(s)

>
> Have changed:-
>
>     smtp_accept_max                   = 5
>     smtp_accept_max_per_connection    = 5
>     smtp_accept_max_per_host          = 5

>
> whilst assuming it will not prevent future abuse.
>
>
> If I create acl_smtp_auth = acl_reject_auth
>
> acl_reject_auth:
>
>       warn message = ${run{SHELL -c "PHP EXIM_ALERT
>                          (code to bloke IP address in IPtables......)

>
>       deny message = (rejection message) ......

>
>
> will this ACL only intercept log-on attempts ?
>
>
> Thank you.
>
> --
> Regards,
>
> Paul.
> England, EU.      Je suis Charlie.

>
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/