Author: Gedalya Date: To: exim-users Subject: Re: [exim] Is that SPAM? Or am I compromised?
On 3/14/23 08:07, Jeremy Harris via Exim-users wrote: > On 13/03/2023 23:43, Gedalya via Exim-users wrote:
>> 4. On ports 587, authentication should not be advertised before STARTTLS is issued.
>
> A slight suggested relaxation of that rule: Only authentication methods
> which are self-encrypted should be used on a cleartext channel.
>
> That mean the same as your simpler rule for PLAIN and LOGIN, which are
> the common ones. But the SCRAM family, for example, would be safe.
There's a slightly different motivation for the approach I suggested.
Don't bother supporting SCRAM, and auto-ban any client that tries to use unadvertised AUTH. Cuts down on a lot of log spam. Many bots will not try TLS, and will either attempt AUTH before STARTTLS or will just not try at all. This doesn't "solve" anything, it's just a relative reduction of noise.