Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 02/12/2019 08:23, Cyborg via Exim-users wrote:
> This seems to be the newest brute force tactic:
>
> 2019-12-01 23:43:10 SMTP protocol synchronization error (next input sent
> too soon: pipelining was not advertised): rejected "root"
> H=node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250] next
> input="999999999\r\n"
>
> executed with a badly written script :) but, as a bot net did it, it
> badly hurt a small vm and blocking the attackers would be nice.
>
> @Jeremy:
>
> Is it possible to detect it in an ACL before exim itself rejects the
> client by the default number of protocol violations?