Re: [exim] Help with AUTH DDOS

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: Jasen Betts
CC: exim-users
Betreff: Re: [exim] Help with AUTH DDOS
On 2019-06-26 at 10:42 -0000, Jasen Betts via Exim-users wrote:
> alternatively in ACL_AUTH
>
>   drop
>     set acl_c_auth_count = ${eval: $acl_c_auth_count + 1}
>     condition = ${if >{1}{$acl_c_auth_count }}
>     message = "go away"

>
> which will allow only one attempt at auth per connect.


Minor note:

-----------------------------8< spec.txt >8-----------------------------
11.7 Expansion conditions

<symbolic operator> {<string1>}{<string2>}
    >      greater


    ${if >{$message_size}{10M} ...


    In all cases, a relative comparator OP is testing if <string1> OP <string2
    >; the above example is checking if $message_size is larger than 10M, not
    if 10M is larger than $message_size.
-----------------------------8< spec.txt >8-----------------------------


So the condition as written is asking if 1 > the auth count, so will
never fail.

I'm using this:
condition = ${if >{$acl_c_auth_count}{3}}
which will allow a fallback path but still block bulk auth attempts.

-Phil