Author: Heiko Schlittermann
Date:
To: exim-users
Subject: Re: [exim] protecting privileged users from SMTP-AUTH attacks

Cyborg via Exim-users <exim-users@???> (Tue 03 Dec 2019 10:19:33 CET):
> > With your approach this IP will be whitelisted, given that at least one
> > device is able to login successfully.
>
> I don't think you thought this through to the end... this is the consequence:
>
> "At my local network, I can bruteforce the mailserver accounts, because
> one of the clients logged in successfully."
Brute force shouldn't be a problem if your passwords are secure. If
behind a given IP is a good client, they deserve trust to a limited
extent. Still not allowing the majority of IPs to brute force my
accounts and thus spamming my logs.
> Nothing you really want to make possible. Don't do this.
>
> Blocking IPs is also an early warning system, which detects mistakes
> very fast. It hurts when it hits, but it speeds up the fix also.
If you ever changed a password and there is any "autologin" client not
knowing the updated password, you're in trouble with blocking the
auth-failed-IP.