Author: Cyborg
Date:
To: exim-users
Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks

On 01.12.19 at 14:48, Jeremy Harris via Exim-users wrote:
> On 29/11/2019 17:43, Cyborg via Exim-users wrote:
>> which brings me to a quick question: has exim any built-in support to
>> protect privileged users like root from getting brute forced by this?
> Exim provides a toolkit; it's up to you to write your config to
> support your needs. Builtin stuff is more at the level of
> violations of documented SMTP protocol.
>
This seems to be the newest brute force tactic:
2019-12-01 23:43:10 SMTP protocol synchronization error (next input sent
too soon: pipelining was not advertised): rejected "root"
H=node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250] next
input="999999999\r\n"
executed with a badly written script :) but, as a botnet did it, it
badly hurt a small VM and blocking the attackers would be nice.
@Jeremy:
Is it possible to detect it in an ACL before exim itself rejects the
client by the default number of protocol violations?
Besides the options for the SMTP error limits, I did not find a way.
Maybe I missed something?
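
Added example, not part of the original message and not Exim's own code: a log-side way to find the hosts producing the synchronization error quoted above, so they can be fed to a blocklist. It assumes the default mainlog line format shown in the post; the threshold, the time window and every sample line except the first are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format taken from the log line in the post; H= may carry a hostname,
# a (HELO name), or only the bracketed address.
SYNC_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'SMTP protocol synchronization error \((?P<reason>[^)]*)\): '
    r'rejected (?:"(?P<cmd>[^"]*)" )?.*?H=[^\[]*\[(?P<ip>[0-9A-Fa-f:.]+)\]'
)

def parse_sync_errors(lines):
    """Yield (timestamp, ip, rejected_command) for each sync-error line."""
    for line in lines:
        m = SYNC_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ip"], m["cmd"]

def offenders(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: peak} for hosts with >= threshold errors inside one window."""
    seen = defaultdict(list)
    for ts, ip, _cmd in parse_sync_errors(lines):
        seen[ip].append(ts)
    result = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            result[ip] = peak
    return result

# First entry is the line from the post, re-joined; the rest are constructed.
_FMT = ('{ts} SMTP protocol synchronization error (next input sent too soon: '
        'pipelining was not advertised): rejected "root" H={host} '
        r'next input="999999999\r\n"')
SAMPLE = [_FMT.format(ts=t, host=h) for t, h in [
    ("2019-12-01 23:43:10", "node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250]"),
    ("2019-12-01 23:43:12", "(bot) [192.0.2.10]"), ("2019-12-01 23:44:00", "[192.0.2.10]"),
    ("2019-12-01 23:50:00", "[192.0.2.10]"), ("2019-12-02 02:00:00", "[192.0.2.10]"),
    ("2019-12-01 20:00:00", "[198.51.100.5]"), ("2019-12-02 00:00:00", "[198.51.100.5]"),
]] + ["2019-12-01 23:45:00 unrelated line (constructed)"]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Hosts that stay under the threshold within any single window are not reported, so a lone misbehaving client is not blocked on one error.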