Re: [exim] protecting privileged users from SMTP-AUTH attack…

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: exim-users
Temat: Re: [exim] protecting privileged users from SMTP-AUTH attacks
Cyborg via Exim-users <exim-users@???> (Di 03 Dez 2019 10:19:33 CET):
> > With your approach this IP will be whitelisted, given that at least one
> > device is able to login sucessfully.
>
> I don't think, you thought this throu to the end... this is the consequence:
>
> "At my local network, I can bruteforce the mailserver accounts, because
> one of the clients logged in successfully."


Brute force shouldn't be a problem if your passwords are secure. If
behind a given IP is a good client, they deserve trust to a limited
extend. Still not allowing the majority of IPs to brute force my
accounts and thus spamming my logs.

> Nothing you really wanne make possible. Don't do this.
>
> Blocking IPs is also a early warning system, which detectes mistakes
> very fast. I hurts when it hits, but it speeds up the fix also.


If you ever changed a password and there is any "autologin" client not
knowing the updated password, you're in trouble with blocking the
auth-failed-IP.

--
Heiko