Author: Arkadiusz Miśkiewicz
Date:
To: exim-users
Subject: [exim] catching brute foce smtp auth - what condition?
Hello.
How to catch brute foce smtp auth attempts only? (== bad login or
password provided)
Condition like:
${if eq{$authentication_failed}{1}}
doesn't work because it also catches cases where client cancelled smtp
auth attempt (rfc2554 and "*").
Exim internally sees difference:
535 Incorrect authentication data
501 Authentication cancelled
Ideas?
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )