Author: Cyborg Date: To: exim-users Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks
On 03.12.19 at 09:38, Heiko Schlittermann via Exim-users wrote:
>
> After a password change, a "forgotten" device may cause blocking that
> official IP, the "forgotten" device is masquerading as. This will
> prevent other successfully configured devices to login from that IP.
>
> With your approach this IP will be whitelisted, given that at least one
> device is able to login successfully.

I don't think you thought this through to the end... this is the consequence:
"At my local network, I can bruteforce the mailserver accounts, because
one of the clients logged in successfully."
Nothing you really want to make possible. Don't do this.

Blocking IPs is also an early warning system, which detects mistakes
very fast. It hurts when it hits, but it speeds up the fix also.
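
The consequence described in the reply above, replayed as a small simulation of both policies. This is an added example, not part of the original message and not Exim configuration; the threshold, the address and the event list are constructed assumptions.

```python
from collections import defaultdict

MAX_FAILURES = 5  # assumed threshold; failures never expire in this sketch


def replay(events, whitelist_on_success):
    """Replay (ip, user, ok) AUTH events under one policy.

    Returns {ip: (failed_guesses_evaluated, blocked)}.
    """
    failures = defaultdict(int)   # failures counted against the IP
    checked = defaultdict(int)    # failed guesses the server actually evaluated
    whitelisted, blocked = set(), set()
    for ip, _user, ok in events:
        if ip in blocked:
            continue              # refused before the password is looked at
        if ok:
            if whitelist_on_success:
                whitelisted.add(ip)
            continue
        checked[ip] += 1
        if ip in whitelisted:
            continue              # failure ignored: the IP "proved" itself once
        failures[ip] += 1
        if failures[ip] >= MAX_FAILURES:
            blocked.add(ip)
    ips = {ip for ip, _, _ in events}
    return {ip: (checked[ip], ip in blocked) for ip in ips}


# Constructed sample: one shared office address (documentation range).
NAT = "192.0.2.10"
EVENTS = (
    [(NAT, "alice", True)]                # one correctly configured client
    + [(NAT, "postmaster", False)] * 20   # another host behind the same IP
)


def compare():
    return {
        "whitelist_on_success": replay(EVENTS, True)[NAT],
        "block_on_failures": replay(EVENTS, False)[NAT],
    }


if __name__ == "__main__":
    for policy, (guesses, is_blocked) in compare().items():
        print(f"{policy}: {guesses} failed guesses evaluated, blocked={is_blocked}")
```

With the whitelist, every one of the 20 wrong passwords is evaluated and nothing is blocked; without it, the address is cut off at the threshold, which also locks out the working client behind it.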