On Tue, 17 Mar 2020 at 09:23, Heiko Schlittermann via Exim-users <
exim-users@???> wrote:
>
> > It would be "really good"(tm) if Exim could implement a similar
> > concept/service/API as it would allow me to leverage GEOIP against
> possible
> > attackers of some (protected) services and report back in to a common
> > database of failed connections for (a) GEOIP policy or (b)
> username/password
>
> Maybe I'm missing the point, but something *like* this comes into my
> mind immediatly: (at least as POC it should be ok)
>
> PLAIN:
> driver = plaintext
> server_condition =
> ${perl{do_auth}{$auth1}{$auth2}{$sender_host_address}}
>
> And provide a Perl subrouting do_auth, that does the actual
> authentication.
>
>
Apologies if I've misinterpreted the original message and subsequent
replies; if Exim is using the Dovecot authenticator, and the auth section
in the Dovecot configuration has a named auth client section, the
corresponding connecting IP address and (protocol) name are available to
the weakforced policy daemon. The name can be used to identify where the
auth originates, for example using *lt.protocol*, whilst the IP address
*lt.remote* is used for a GeoIP lookup.
Do you want to do explicit reporting from Exim?
A
--
Dr Andrew Nimmo
