Re: [exim] protecting privileged users from SMTP-AUTH attack…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 29/11/2019 17:43, Cyborg via Exim-users wrote:
> which brings me to a quick question: has exim any build in support to
> protected privileged users like root from getting brute forced by this?


Exim provides a toolkit; it's up to you to write your config to
support your needs. Builtin stuff is more at the level of
violations of documented SMTP protocol.

Ideas such as

- delay (teergrube) on auth-fail detect
- limit the number of auth tries per conn
- limit the number of auth fails per IP (and ban)
- spot the attempt to auth as root (and ban)
- spot and deny the common botnet HELO names
- rDNS verify
- HELO verify

could be of interest.
--
Cheers,
Jeremy