Re: [exim] Exim (aoom) named in context of new TLS cross-pro…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Heiko Schlittermann
Fecha:  
A: exim-users
Asunto: Re: [exim] Exim (aoom) named in context of new TLS cross-protocol attack
Cyborg via Exim-users <exim-users@???> (Mi 09 Jun 2021 21:13:43 CEST):
> Don#t get me wrong, exim is at the top of this "best of the worse" list,
> because it stops after 3 retriesm but other server like proftpd have already
> reacted to this by implementing countermeasures. This can also be seen in
> the mentioned figure.


The "3" is configurable:

|smtp_max_synprot_errors|Use: main|Type: integer|Default: 3|

So, if you worry about the abuse of your bandwidth and your Exim server,
then set this to zero. Should be enough to not be a part of this attack
vector, shouldn't it?

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -