Re: [exim] protecting privileged users from SMTP-AUTH attack…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Cyborg
Data:  
Para: exim-users
Assunto: Re: [exim] protecting privileged users from SMTP-AUTH attacks
Am 01.12.19 um 14:48 schrieb Jeremy Harris via Exim-users:
> On 29/11/2019 17:43, Cyborg via Exim-users wrote:
>> which brings me to a quick question: has exim any build in support to
>> protected privileged users like root from getting brute forced by this?
> Exim provides a toolkit; it's up to you to write your config to
> support your needs. Builtin stuff is more at the level of
> violations of documented SMTP protocol.
>


This seems to be the newest brute force tactic:

2019-12-01 23:43:10 SMTP protocol synchronization error (next input sent
too soon: pipelining was not advertised): rejected "root"
H=node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250] next
input="999999999\r\n"

executed with a badly written script :)  but, as a bot net did it, it
badly hurt a small vm and blocking the attackers would be nice.

@Jeremy:

Is it possible to detect it in an ACL before exim itself rejects the
client by the default number of protocol violations?
Besides the options for the smtp error limits, i did not find a way.
Maybe i missed something?

best regards,
Marius