Re: [exim] protecting privileged users from SMTP-AUTH attack…

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 02/12/2019 08:23, Cyborg via Exim-users wrote:
> This seems to be the newest brute force tactic:
>
> 2019-12-01 23:43:10 SMTP protocol synchronization error (next input sent
> too soon: pipelining was not advertised): rejected "root"
> H=node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250] next
> input="999999999\r\n"
>
> executed with a badly written script :)  but, as a bot net did it, it
> badly hurt a small vm and blocking the attackers would be nice.
>
> @Jeremy:
>
> Is it possible to detect it in an ACL before exim itself rejects the
> client by the default number of protocol violations?


Detect what, precisely?
--
Cheers,
Jeremy
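
Added example, not part of this thread and not Exim code: one way to spot the hosts behind the log line quoted above is to count "SMTP protocol synchronization error" entries per source IP in the mainlog. It assumes the default log line layout shown in the quoted message (rejoined onto one line); the function name, the threshold and every sample line after the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Mainlog layout as quoted in the thread, rejoined onto one line.
# Assumption: default timestamp format, no +pid or timezone fields.
SYNC_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d '
    r'SMTP protocol synchronization error \([^)]*\): '
    r'rejected "(?P<cmd>[^"]*)" '
    r'H=(?:[^\s(\[]\S* )?(?:\([^)]*\) )?\[(?P<ip>[0-9A-Fa-f:.]+)\]'
)

_ERR = ('SMTP protocol synchronization error (next input sent too soon: '
        'pipelining was not advertised): rejected ')
_HOST = 'H=node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250]'

# Constructed sample. The first entry is the line from the thread; the
# others are made up (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = [
    '2019-12-01 23:43:10 ' + _ERR + '"root" ' + _HOST
    + r' next input="999999999\r\n"',
    '2019-12-01 23:43:12 ' + _ERR + '"admin" ' + _HOST
    + r' next input="xxxxxx\r\n"',
    '2019-12-01 23:43:15 ' + _ERR + '"root" ' + _HOST
    + r' next input="yyyyyy\r\n"',
    '2019-12-01 23:44:01 ' + _ERR + '"test" H=(example) [192.0.2.10]'
    + r' next input="zzzzzz\r\n"',
    '2019-12-01 23:44:05 1ibXyz-0001Ab-Cd <= user@example.org '
    'H=mail.example.org [192.0.2.20] P=esmtps S=1234',
]


def sync_offenders(lines, threshold=3):
    """Map each IP with >= threshold sync errors to its count and the
    distinct strings Exim reported as rejected for that IP."""
    seen = defaultdict(lambda: {"count": 0, "rejected": set()})
    for line in lines:
        m = SYNC_RE.match(line)
        if m:
            entry = seen[m.group("ip")]
            entry["count"] += 1
            entry["rejected"].add(m.group("cmd"))
    return {ip: {"count": e["count"], "rejected": sorted(e["rejected"])}
            for ip, e in seen.items() if e["count"] >= threshold}


if __name__ == "__main__":
    for ip, info in sync_offenders(SAMPLE_LOG).items():
        print(ip, info["count"], info["rejected"])
```

The resulting IP list can feed whatever blocking mechanism is already in place, such as a firewall set or a host list consulted from an ACL.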