Re: [exim] protecting privileged users from SMTP-AUTH attack…

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim users
Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 2 Dec 2019, at 13:40, Cyborg via Exim-users <exim-users@???> wrote:
> So, the answere is "no, there is no way to intercept here." Is ok, take
> it as a FeatureRequest ;)


Jeremy’s answer was quite clear: use a DB backend such as a ratelimit DB.

I’ve been doing that for years - more than N failed auths in X time gets you in the connect blacklist. Bye bye.

How you do/track this is up to you, but the tools already exist.

Graeme