[exim] Re: delay not kicking in

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jasen Betts
Dátum:  
Címzett: exim-users
Tárgy: [exim] Re: delay not kicking in
On 2023-06-04, Slavko via Exim-users <exim-users@???> wrote:
> --===============5177538003882154364==
> Content-Type: multipart/signed; boundary="Sig_/UlU3IJ5lalsyNpEcaEewzpE";
> protocol="application/pgp-signature"; micalg=pgp-sha256
>
> --Sig_/UlU3IJ5lalsyNpEcaEewzpE
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> D=C5=88a 4. j=C3=BAna 2023 13:54:49 UTC pou=C5=BE=C3=ADvate=C4=BE Julian Br=
> adfield via
> Exim-users <exim-users@???> nap=C3=ADsal:
>
>>I'm a small MTA, handling only relatives and one small sports club.
>>So I'm not a particularly heavy target.
>
> Perhaps you can be not target of targeted atrack, but...
>
> Have you properly set SPF/DKIM/DMARC and have not bad reputation? Then
> you are (or can be) good target. How good target you are, you can
> derive from 12 000 blocked IPs daily.
>
> BTW, how many of them repeats every some days?
>
>>That's why I operate "one strike and you're out". This is occasionally
>>annoying when I'm setting up a new device and get the password wrong,
>>but I can live with that.
>
> Hmm, you can, but what other your users? It doesn't matter how many
> users you have...
>
> I meet similar approach some years ago, in job with our email provider.
> One of our employee did typo in his mail client password, and whole
> company (behind NAT) was blocked... Some time passed until i realized
> that, then some time passed until email provider investigated and
> solved it, nobody was happy...
>
> That is, where identifying of bad IPs can be important, as you can
> relative safe apply one time approach to them and/or block them for
> long time, and for others apply less strict rules.
>
> regards
>
> --=20
> Slavko
> https://www.slavino.sk


I use a strategy where repeated attempts with the same wrong password
(user-password-hash) are not punished further.

I use an SQL database, but the same thing could by done by using an
inverse ratelimit on a hash of user-password preceeding the ratelimit
on ip-address.

--
Jasen.
🇺🇦 Слава Україні

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/