Re: [exim] Is that SPAM? Or am I compromised?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Jeremy Harris at <-
MMGedalya at ->
Delete this message
Reply to this message
Author: Gedalya
Date:  
To: exim-users
Subject: Re: [exim] Is that SPAM? Or am I compromised?
On 3/14/23 08:07, Jeremy Harris via Exim-users wrote:
> On 13/03/2023 23:43, Gedalya via Exim-users wrote:
>> 4. On ports 587, authentication should not be advertised before STARTTLS is issued.
>
> A slight suggested relaxation of that rule:  Only authentication methods
> which are self-encrypted should be used on a cleartext channel.
>
> That mean the same as your simpler rule for PLAIN and LOGIN, which are
> the common ones.  But the SCRAM family, for example, would be safe.

There's a slightly different motivation for the approach I suggested.

Don't bother supporting SCRAM, and auto-ban any client that tries to use unadvertised AUTH. Cuts down on a lot of log spam. Many bots will not try TLS, and will either attempt AUTH before STARTTLS or will just not try at all. This doesn't "solve" anything, it's just a relative reduction of noise.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Is that SPAM? Or am I compromised?Re: [exim] Is that SPAM? Or am I compromised?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)