Re: [exim] protecting privileged users from SMTP-AUTH attack…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] protecting privileged users from SMTP-AUTH attacks
Jeremy Harris via Exim-users <exim-users@???> (Mo 02 Dez 2019 11:48:40 CET):
> Perhaps you could start from the other end: track your customer's
> (well, at least sources that pass authentication) IPs -
> and impose a delay on others. Ways to do that:


That's a good idea that probably is quite robust against false blocking
after a changed password.

Often several endpoints are configured for the same account (IMAP
accessed by mobile, computer, …) located behind the same public IP.

After a password change, a "forgotten" device may cause blocking that
official IP, the "forgotten" device is masquerading as. This will
prevent other successfully configured devices to login from that IP.

With your approach this IP will be whitelisted, given that at least one
device is able to login sucessfully.

Thanks for that idea.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -