Re: [exim] protecting privileged users from SMTP-AUTH attack…

Góra strony
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Dla: exim-users
Temat: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On Sun, Dec 01, 2019 at 01:48:29PM +0000, Jeremy Harris via Exim-users wrote:

> On 29/11/2019 17:43, Cyborg via Exim-users wrote:
> > which brings me to a quick question: has exim any build in support to
> > protected privileged users like root from getting brute forced by this?
>
> Exim provides a toolkit; it's up to you to write your config to
> support your needs. Builtin stuff is more at the level of
> violations of documented SMTP protocol.


On my system SMTP PLAIN auth is backed by PAM, and the PAM config
file has:

    # auth
    auth            required        pam_group.so            no_warn group=pamimap
    auth            required        pam_unix.so             no_warn


This means that only users in group "pamimap" can attempt to login with a
password, this excludes "root", and all the other system accounts. All users
in that "pamimap" group have strong machine-generated high-entropy passwords.

With just family and friends hosted on the server, I can maintain sufficient
security to ignore the AUTH scans, they're wasting their time.

-- 
    Viktor.