Re: [exim] Help with AUTH DDOS

Author: Phil Pennock
Date:  
To: Jasen Betts
CC: exim-users
Subject: Re: [exim] Help with AUTH DDOS
On 2019-06-26 at 10:42 -0000, Jasen Betts via Exim-users wrote:
> alternatively in ACL_AUTH
>
>   drop
>     set acl_c_auth_count = ${eval: $acl_c_auth_count + 1}
>     condition = ${if >{1}{$acl_c_auth_count }}
>     message = "go away"
>
> which will allow only one attempt at auth per connect.


Minor note:

-----------------------------8< spec.txt >8-----------------------------
11.7 Expansion conditions

<symbolic operator> {<string1>}{<string2>}
    >      greater


    ${if >{$message_size}{10M} ...


    In all cases, a relative comparator OP is testing if <string1> OP
    <string2>; the above example is checking if $message_size is larger than
    10M, not if 10M is larger than $message_size.
-----------------------------8< spec.txt >8-----------------------------


So the condition as written is asking if 1 > the auth count, so will
never fail.

I'm using this:
condition = ${if >{$acl_c_auth_count}{3}}
which will allow a fallback path but still block bulk auth attempts.

-Phil
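
The per-connection counter with the operand order from the spec excerpt, placed in a complete AUTH ACL. This is an added example, not configuration posted by either participant; the ACL name `acl_check_auth`, the `eval10` form of the increment and the message text are assumptions made for illustration.

```exim
# --- main configuration section ---
# Run this ACL for every AUTH command received.
acl_smtp_auth = acl_check_auth

# --- ACL section (after "begin acl") ---
acl_check_auth:

  # acl_c_* variables last for the whole SMTP connection, so this
  # counts AUTH commands per connection, not per message.
  # Modifiers run in order: the counter is incremented first, then the
  # condition is tested against the new value.
  # (Assumption: the leading 0 keeps the expression numeric while the
  # variable is still empty, and eval10 reads the result as decimal
  # rather than octal.)
  drop
    set acl_c_auth_count = ${eval10:0$acl_c_auth_count + 1}

    # ${if >{A}{B}} is true when A > B.
    # Reversed form from the quoted message, shown for comparison only:
    #   condition = ${if >{1}{$acl_c_auth_count}}
    # tests 1 > count, which is false once count is 1 or more,
    # so that drop never triggers.
    #
    # Corrected order: true when count > 3, so AUTH attempts 1 to 3 on
    # a connection reach the authenticator and the 4th is dropped.
    condition = ${if >{$acl_c_auth_count}{3}}
    message = too many AUTH attempts on this connection

  # Everything below the limit proceeds to the authenticator.
  accept
```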