Re: [exim] block hacker helo's

Top Page
Delete this message
Reply to this message
Author: kuncho pencho
Date:  
To: exim-users
Subject: Re: [exim] block hacker helo's
Hi,

See this tutorial.

https://github.com/Exim/exim/wiki/BlockCracking

Best Regards.








>-------- Оригинално писмо --------


>От: Andy Smith a.smith@???


>Относно: [exim] block hacker helo's


>До: exim-users@???


>Изпратено на: 07.02.2017 14:04



Hi list,



I've already configured fail2ban to block brute force attacks on my

Exim server but thought it would be nice to be able to block outright

known abusive helo's. So I've had a dig and I came up with this config:



# Blacklist

auth_advertise_hosts =\

${lookup{$sender_helo_name}\

lsearch{/usr/local/etc/exim/heloblocks}{}{*}\

}



But it doesn't seem to work so I'm hoping someone can give me a pointer.





Also I have a general doubt, when using the term advertise in Exim does

this mean purely to advertise funcionality or does it actually mean to

provide or not that funcionality? Ie am I actually blocking auth by not

advertising it, when talking about an abusive connection that isn't

following the RFCs etc?



thanks in advance, Andy.

--

## List details at https://lists.exim.org/mailman/listinfo/exim-users

## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://wiki.exim.org/