Re: [exim] protecting privileged users from SMTP-AUTH attack…

Góra strony
Delete this message
Reply to this message
Autor: Cyborg
Data:  
Dla: exim-users
Temat: Re: [exim] protecting privileged users from SMTP-AUTH attacks
Am 03.12.19 um 09:38 schrieb Heiko Schlittermann via Exim-users:
>
> After a password change, a "forgotten" device may cause blocking that
> official IP, the "forgotten" device is masquerading as. This will
> prevent other successfully configured devices to login from that IP.
>
> With your approach this IP will be whitelisted, given that at least one
> device is able to login sucessfully.


I don't think, you thought this throu to the end... this is the consequence:

"At my local network, I can bruteforce the mailserver accounts, because
one of the clients logged in successfully."

Nothing you really wanne make possible. Don't do this.

Blocking IPs is also a early warning system, which detectes mistakes
very fast. I hurts when it hits, but it speeds up the fix also.


Best regards,
Marius