Autor: Ted Cooper Datum: To: exim-users Betreff: Re: [exim] Handling unadvertised AUTH
On 30/04/16 09:38, Phillip Carroll wrote: > Thanks for the suggestion.
>
> I looked at fail2ban some time back as something I might run on my site,
> but ultimately decided against. If I understand correctly, that utility
> rummages through various logs looking for problems and automatically
> applies solutions. Seems a rather roundabout way of dealing with my
> issue, whose parameters are already well known, and exim/smtp-specific.
> I had in mind more of a rifle approach rather than a hand grenade.
> (sorry for the violent metaphors)
>
> But, I am always somewhat leery of AI approaches to server management.
> However, maybe I have the wrong impression of fail2ban.
It's not so much AI, or automatic. You have to turn on exactly which
tests and actions happen - filters (regex) & actions. In the case of the
firewall ban, it only lasts as long as configured. The actions can be
anything so you can also/instead notify yourself when someone is banned.
eg. I firewall anyone for 60 minutes who
- uses AUTH when not advertised (exim log message)
- fails to use a valid username after X attempts (exim log message)
- can't get their password correct after X attempts (exim log message)