Consider
do {
S: 220 exim at your service
C: ehlo harassing.client
S: 250-whatever
250 will not advertise auth
C: auth
S: 503 AUTH command used when not advertised
C: quit
S: 221 exim closing connection
} (forever)
Am I right that the best way exim offers to deal with harassing.client
is by external means, such as FAIL2BAN?
I think that a better solution is rate-limiting harassing.client, because most of the infrastructure is here, at exim. For example,
--- smtp_in.c 2020-05-30 20:35:38.000000000 +0000
+++ smtp_in.c.mod 2020-09-15 15:12:38.223868353 +0000
@@ -4041,16 +4041,21 @@
case AUTH_CMD:
HAD(SCH_AUTH);
authentication_failed = TRUE;
cmd_list[CMD_LIST_AUTH].is_mail_cmd = FALSE;
if (!fl.auth_advertised && !f.allow_auth_unadvertised)
{
+ if ( acl_smtp_auth_unadvertised
+ && ((rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_auth_unadvertised, NULL,
+ &log_msg)) == ERROR))
+ log_write(0, LOG_MAIN|LOG_PANIC, "ACL for unadvertised AUTH returned ERROR: %s",
+ log_msg);
done = synprot_error(L_smtp_protocol_error, 503, NULL,
US"AUTH command used when not advertised");
break;
}
if (sender_host_authenticated)
{
done = synprot_error(L_smtp_protocol_error, 503, NULL,
US"already authenticated");
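Review bot: the ACL is run with ACL_WHERE_QUIT as the `where` value (`acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_auth_unadvertised, ...)`), so anything keyed on that value (condition checks, logging) will treat this as a QUIT ACL; a dedicated ACL_WHERE_ value for the unadvertised-AUTH case would keep the two distinguishable. The result in `rc` is only compared against ERROR, so a deny or defer from the ACL changes nothing and the 503 is still sent unconditionally; if side effects only (ratelimit, logging, like acl_smtp_quit) is the intent, a comment above the call should say so. The call also passes NULL as the user-message pointer, so confirm acl_check tolerates NULL there. Finally, the hunk does not show declarations for `acl_smtp_auth_unadvertised`, `rc` and `log_msg`, nor the option-table entry that makes the new ACL configurable; those need to be in the same patch.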
acl_smtp_auth_unadvertised is expected to be limited in capabilities, conceptually similar to the limited acl_smtp_quit. I still have to try to code it.
In general, will you incorporate something like that in the code?
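As an added example, not from the post above and not Exim's own code, here is the "external means" alternative the post mentions: a small fail2ban-style detector that reads Exim-style main log lines, counts "AUTH command used when not advertised" protocol errors per client IP inside a sliding time window, and reports clients that cross a threshold. The log lines are constructed for this example and only approximate Exim's mainlog wording; the regular expression LINE_RE, the default window and the threshold are assumptions to adjust to a real log.

```python
"""Fail2ban-style detector for repeated unadvertised AUTH attempts.

Added example: not code from the original post or from Exim. The sample
log below is constructed and only approximates Exim's mainlog format;
adapt LINE_RE to the exact wording your exim version logs.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format, not real Exim output).
SAMPLE_LOG = """\
2020-09-15 15:12:01 SMTP protocol error in "AUTH" H=harassing.client [192.0.2.10] AUTH command used when not advertised
2020-09-15 15:12:02 SMTP protocol error in "AUTH" H=harassing.client [192.0.2.10] AUTH command used when not advertised
2020-09-15 15:12:03 SMTP protocol error in "AUTH" H=harassing.client [192.0.2.10] AUTH command used when not advertised
2020-09-15 15:12:05 SMTP protocol error in "AUTH" H=legit.example [198.51.100.7] AUTH command used when not advertised
2020-09-15 15:12:09 SMTP protocol error in "AUTH" H=harassing.client [192.0.2.10] AUTH command used when not advertised
2020-09-15 15:25:00 SMTP protocol error in "AUTH" H=harassing.client [192.0.2.10] AUTH command used when not advertised
"""

# Assumed line shape: timestamp, the protocol-error text, H=<host> [<ip>],
# and the exact 503 message from the transcript in the post.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'SMTP protocol error in "AUTH" '
    r'H=(?P<host>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\] '
    r'AUTH command used when not advertised$'
)


def parse_events(text):
    """Yield (timestamp, client_ip) for each matching line; others are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("ip")


def find_offenders(text, max_hits=3, window=timedelta(minutes=10)):
    """Return {ip: time the threshold was first crossed}.

    A per-IP deque holds the timestamps inside the sliding window, so a
    client is flagged for a burst of max_hits errors within `window`,
    not merely for a high lifetime total.
    """
    recent = defaultdict(deque)
    offenders = {}
    for ts, ip in sorted(parse_events(text)):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_hits and ip not in offenders:
            offenders[ip] = ts
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: threshold reached at {when} (candidate for a temporary block)")
```

With the defaults, only 192.0.2.10 is reported (three errors within three seconds); raising max_hits to 5 reports nobody, because the fifth error arrives after the window has expired, which is the behaviour you want from a rate limit rather than a lifetime counter.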