Autor: Jeremy Harris Data: Para: exim-users Asunto: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 29/11/2019 17:43, Cyborg via Exim-users wrote: > which brings me to a quick question: has exim any build in support to
> protected privileged users like root from getting brute forced by this?
Exim provides a toolkit; it's up to you to write your config to
support your needs. Builtin stuff is more at the level of
violations of documented SMTP protocol.
Ideas such as
- delay (teergrube) on auth-fail detect
- limit the number of auth tries per conn
- limit the number of auth fails per IP (and ban)
- spot the attempt to auth as root (and ban)
- spot and deny the common botnet HELO names
- rDNS verify
- HELO verify