Re: [exim] exim still accepting email after 550 from acl_che…

Author: Dennis Davis
Date:  
To: exim-users
Subject: Re: [exim] exim still accepting email after 550 from acl_check_helo
On Tue, 12 Jan 2016, Richard Doyle wrote:

> From: Richard Doyle <listsub@???>
> To: exim-users@???
> Date: Tue, 12 Jan 2016 16:26:47
> Subject: Re: [exim] exim still accepting email after 550 from acl_check_helo


...

> > (I believe it's not even trying to send mail, but instead is trying
> > a brute force SMTP AUTH attack.)
> This works for me. In acl_smtp_auth:
>
> drop condition = ${if match{$sender_helo_name}{ylmf-pc}{yes}{no}}


It's a long time ago now -- nearly a decade -- but I used to
try and slow down brute force SMTP AUTH attacks by including the
following near the start of acl_smtp_auth:

  # Throw in a delay of a few seconds.  This will hardly be noticed
  # by humanoid-driven clients.  But it'll slow down any miscreant
  # robot running Rumplestiltskin attacks against us...yes this is
  # paranoia on steroids...
  warn    delay = 2s


The above was obviously included after drop/deny statements for known
unfriendly hosts.
--
Dennis Davis <dennisdavis@???>
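
The following is an added example, not part of the original message or of Exim itself: a small log check for deciding which hosts belong in the drop/deny statements that precede the delay. It assumes the usual shape of Exim's main-log "authenticator failed" lines; the sample lines, the `plain_login` authenticator name, the addresses and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the shape Exim's main log uses for failed
# SMTP AUTH attempts (assumed format; addresses are documentation ranges).
SAMPLE_LOG = """\
2016-01-12 16:20:01 plain_login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=admin)
2016-01-12 16:20:03 plain_login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=info)
2016-01-12 16:20:05 plain_login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=test)
2016-01-12 16:21:40 plain_login authenticator failed for mail.example.org (laptop) [198.51.100.7]: 535 Incorrect authentication data (set_id=alice)
2016-01-12 16:22:10 1aJ0Xy-0001Ab-2C <= alice@example.org H=(laptop) [198.51.100.7] P=esmtpsa A=plain_login:alice S=1200
"""

# Optional reverse-DNS name, then the HELO name in parentheses, then the
# bracketed client address (IPv4 or IPv6).
FAILED_AUTH = re.compile(
    r"authenticator failed for (?:\S+ )?\((?P<helo>[^)]*)\) "
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]"
)


def count_failures(log_text):
    """Count failed AUTH attempts per (client IP, HELO name)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if m:
            counts[(m.group("ip"), m.group("helo"))] += 1
    return counts


def drop_candidates(log_text, threshold=3):
    """Return (ip, helo) pairs with at least `threshold` failures, sorted."""
    counts = count_failures(log_text)
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, helo in drop_candidates(SAMPLE_LOG):
        print(f"{ip}\tHELO={helo}")
```

A single failure, such as the `laptop` client that later authenticates successfully, stays below the threshold and is not listed.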