Re: [exim] Handling unadvertised AUTH

Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] Handling unadvertised AUTH
On 30/04/16 09:38, Phillip Carroll wrote:
> Thanks for the suggestion.
>
> I looked at fail2ban some time back as something I might run on my site,
> but ultimately decided against. If I understand correctly, that utility
> rummages through various logs looking for problems and automatically
> applies solutions. Seems a rather roundabout way of dealing with my
> issue, whose parameters are already well known, and exim/smtp-specific.
> I had in mind more of a rifle approach rather than a hand grenade.
> (sorry for the violent metaphors)
>
> But, I am always somewhat leery of AI approaches to server management.
> However, maybe I have the wrong impression of fail2ban.


It's not so much AI, or automatic. You have to turn on exactly which
tests and actions happen - filters (regex) & actions. In the case of the
firewall ban, it only lasts as long as configured. The actions can be
anything so you can also/instead notify yourself when someone is banned.

e.g. I firewall anyone for 60 minutes who
- uses AUTH when not advertised (exim log message)
- fails to use a valid username after X attempts (exim log message)
- can't get their password correct after X attempts (exim log message)
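
Added example, not part of the original post and not fail2ban's own code: a minimal Python model of the filter-and-ban logic described above, run over constructed log lines. The exim log formats, the threshold of 3 for "X", and treating both failed-login cases as one pattern are assumptions; fail2ban's time window for counting hits is left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

BAN_TIME = timedelta(minutes=60)  # ban length from the post
MAX_AUTH_FAILS = 3                # the post's "X"; 3 is an assumed value
# Host part of an exim log line: optional name, optional (HELO), then [ip].
HOST = r'(?:\S+ )?(?:\(\S*\) )?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?'
# (rule name, hits needed, pattern). Log formats are assumptions; patterns are
# anchored around the host field so client-supplied text cannot move the IP.
RULES = [
    ("unadvertised-auth", 1, re.compile(
        r'SMTP protocol error in ".*" H=' + HOST +
        r' AUTH command used when not advertised\s*$')),
    ("auth-failed", MAX_AUTH_FAILS, re.compile(
        r'\w+ authenticator failed for ' + HOST +
        r': 535 Incorrect authentication data')),
]

def scan(lines):
    """Return {ip: (rule, banned_at, expires)} for exim mainlog lines."""
    hits, bans = defaultdict(int), {}
    for line in lines:
        when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        for name, needed, pattern in RULES:
            m = pattern.match(line[20:])  # text after the timestamp
            if not m:
                continue
            ip = m.group("ip")
            if ip in bans and bans[ip][2] > when:
                break  # already banned, nothing to count
            hits[ip, name] += 1
            if hits[ip, name] >= needed:
                bans[ip] = (name, when, when + BAN_TIME)
                hits[ip, name] = 0
            break
    return bans

SAMPLE_LOG = [  # constructed lines using documentation addresses
    '2016-04-30 09:38:01 SMTP protocol error in "AUTH LOGIN" H=(client.example) [192.0.2.10] AUTH command used when not advertised',
    '2016-04-30 09:38:05 login authenticator failed for (mail.example) [198.51.100.7]: 535 Incorrect authentication data (set_id=alice)',
    '2016-04-30 09:38:09 login authenticator failed for (mail.example) [198.51.100.7]: 535 Incorrect authentication data (set_id=alice)',
    '2016-04-30 09:38:14 login authenticator failed for (mail.example) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)',
    '2016-04-30 09:40:00 login authenticator failed for (other.example) [203.0.113.5]: 535 Incorrect authentication data (set_id=bob)',
]

if __name__ == "__main__":
    for ip, (rule, at, until) in scan(SAMPLE_LOG).items():
        print(f"ban {ip} ({rule}) until {until}")
```
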