Re: [exim] auth attempts

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] auth attempts
Cyborg via Exim-users <exim-users@???> (Di 10 Sep 2019 16:06:10 CEST):
> can we limit those tries anywere or slow them down?
>
> 2019-09-10 16:02:37 plain authenticator failed for (a domainname)
> [156.223.90.207]: 535 Incorrect authentication data (set_id=nonsense)


Yes, based on http://lucamattarozzi.blogspot.com/2014/09/exim-limitare-autenticazioni-fallite.html


In the connect ACL:

    deny    message = Too many unsuccessfull auth attempts.
            ratelimit = 10/2h / badauth:$authenticated_fail_id / readonly


    accept


And in the QUIT *and* NOTQUIT ACLs:

    warn    condition = $authentication_failed
            ratelimit = 10/2h / badauth:$authenticated_fail_id / strict


    accept


Completly untested, because when implementing it, I ran into another
issue.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -