Re: [exim] protecting privileged users from SMTP-AUTH attack…

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 29/11/2019 17:43, Cyborg via Exim-users wrote:
> which brings me to a quick question: has exim any built-in support to
> protect privileged users like root from getting brute forced by this?


Exim provides a toolkit; it's up to you to write your config to
support your needs. Builtin stuff is more at the level of
violations of documented SMTP protocol.

Ideas such as

- delay (teergrube) on auth-fail detect
- limit the number of auth tries per conn
- limit the number of auth fails per IP (and ban)
- spot the attempt to auth as root (and ban)
- spot and deny the common botnet HELO names
- rDNS verify
- HELO verify

could be of interest.
--
Cheers,
Jeremy
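
The following is an added example, not part of the original message and not Exim's own code: a log-side version of two of the listed ideas, counting auth failures per IP and flagging any attempt to authenticate as root. The sample log lines, the authenticator name `plain_login`, the threshold and the privileged-name set are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of Exim main-log lines; the authenticator
# name "plain_login", hosts, users and addresses are made up.
SAMPLE_LOG = """\
2019-11-29 17:40:01 plain_login authenticator failed for (host.example) [192.0.2.10]: 535 Incorrect authentication data (set_id=root)
2019-11-29 17:40:05 plain_login authenticator failed for (mx.example.net) [198.51.100.7]: 535 Incorrect authentication data (set_id=alice@example.org)
2019-11-29 17:40:09 plain_login authenticator failed for (mx.example.net) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob@example.org)
2019-11-29 17:40:12 plain_login authenticator failed for (mx.example.net) [198.51.100.7]: 535 Incorrect authentication data (set_id=carol@example.org)
2019-11-29 17:40:16 plain_login authenticator failed for (mx.example.net) [198.51.100.7]: 535 Incorrect authentication data
2019-11-29 17:41:30 plain_login authenticator failed for (laptop.example.org) [203.0.113.5]: 535 Incorrect authentication data (set_id=dave@example.org)
2019-11-29 17:42:00 1iaXyZ-0001Ab-C3 Completed
"""

# Matches an auth-failure line; the set_id part is absent when the client
# never supplied a usable identity, so it is optional.
FAIL_RE = re.compile(
    r"authenticator failed for .*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?: 535\b"
    r".*?(?:\(set_id=(?P<user>[^)]*)\))?$"
)

PRIVILEGED = {"root"}   # assumption: extend with other accounts that never use SMTP AUTH
MAX_FAILS = 3           # assumption: failures tolerated per IP in the scanned window


def ban_candidates(log_text, max_fails=MAX_FAILS, privileged=PRIVILEGED):
    """Return {ip: reason} for hosts that tried a privileged login or
    exceeded max_fails authentication failures."""
    fails = Counter()
    reasons = {}
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue  # not an auth failure (deliveries, connects, ...)
        ip = m.group("ip")
        fails[ip] += 1
        # Compare only the local part, so root@domain counts as root.
        local = (m.group("user") or "").split("@", 1)[0].lower()
        if local in privileged:
            reasons.setdefault(ip, f"auth attempt as privileged user '{local}'")
    for ip, count in fails.items():
        if count > max_fails:
            reasons.setdefault(ip, f"{count} auth failures")
    return reasons


if __name__ == "__main__":
    for ip, reason in ban_candidates(SAMPLE_LOG).items():
        print(f"{ip}\t{reason}")
```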