[exim] Re: smtp_accept_max & DDoS

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Slavko
Fecha:  
A: exim-users
Asunto: [exim] Re: smtp_accept_max & DDoS
Dňa 13. mája 2023 8:50:26 UTC používateľ Cyborg via Exim-users <exim-users@???> napísal:

>I suggest to choose your timeout for the kill wisely, as some servers send a big chunk of data slow as hell, but a reasonable amount would be 30s.


As i have separate MSA, would not be more easy to setup
that timeout right in exim? Will not this have the same effect?...

As there is AuthPolicy daemon in action, filling FW is done
by fail2ban parsing its logs. That allow me distinguish
auth rejection reason in more precise way than simple
success/fail in exim, beside the fact, that fail2ban
provides repeat counting, ban persistance -- and unban
of course (as many of them seems to be end users, from
time to time cleaned infection and/or changed IP).

regards


--
Slavko
https://www.slavino.sk/

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/