On 2009-07-20 3:12, Edison F Carbol wrote:
> Hi,
>
> Is it possible to drop smtp connection before authentication per username?
> My server is congested with many attempts to authenticate with a deleted
> account.

Hi,
I guess you could drop in the HELO stage, based on a text file of IP
addresses, like

    deny condition = ${lookup{$sender_host_address}lsearch{banedip.txt}{yes}{no}}

and a cronjob to grep all bad IPs:

    # sort first: uniq -c only counts adjacent identical lines
    grep "authenticator failed for.*" /var/log/exim4/mainlog -o | sort | uniq -c | \
      grep "^\ *[0-9]\{2,4\} " | \
      grep "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" -o > banedip.txt

(the above bans IPs where failed auth attempts >9)
On my system I grep a few other log files as well, but I add the IPs this
script finds to a drop list in iptables (less CPU time used).

Also on my system I have just now added

    warn log_message = Possible hacked useraccount $authenticated_id
         authenticated = *
         sender_domains = !+local_domains

due to some (new?) virus/malware stealing my users' login.
So heads up.

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
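
An added example, not part of the original message: a variant of the cron job described above that counts failed AUTH attempts per client IP (rather than per identical log line, which goes beyond the posted pipeline) and replaces the ban list atomically. The function names, the temporary file naming and the sample log lines are constructed for illustration; the log layout is assumed to match the "authenticator failed for ... [ip]: 535" lines the grep above targets.

```shell
#!/bin/sh
# Added example (not from the original post). Names and sample data are constructed.

# Print each client IPv4 address that has at least $1 (default 10) failed
# SMTP AUTH attempts in the Exim main log lines read from stdin.
failed_auth_ips() {
    min="${1:-10}"
    # Capture the bracketed address just before the ": 535 ..." response
    # (optionally followed by :port), so an IP-literal HELO name is ignored.
    sed -n '/authenticator failed for/s/.*\[\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)\]\(:[0-9]*\)\{0,1\}: .*/\1/p' |
        sort | uniq -c |
        awk -v min="$min" '$1 >= min { print $2 }'
}

# Rebuild the ban list from log file $1 into $2 (threshold $3, default 10).
# The list is written to a temporary file and renamed into place, so Exim
# never reads a half-written list.
update_banlist() {
    tmp="$2.tmp.$$"
    failed_auth_ips "${3:-10}" < "$1" > "$tmp" && mv "$tmp" "$2"
}

# Constructed sample log: 10 failures from 192.0.2.10 against changing user
# names, 3 from 198.51.100.7, and one unrelated delivery line.
sample_log() {
    i=1
    while [ "$i" -le 10 ]; do
        echo "2009-07-20 03:12:0$((i % 10)) plain authenticator failed for (mail) [192.0.2.10]: 535 Incorrect authentication data (set_id=user$i)"
        if [ "$i" -le 3 ]; then
            echo "2009-07-20 03:12:1$i login authenticator failed for ([198.51.100.7]) [198.51.100.7]:4921$i: 535 Incorrect authentication data (set_id=old)"
        fi
        i=$((i + 1))
    done
    echo "2009-07-20 03:13:00 1MSabc-0001xy-AB => someone@example.org R=dnslookup T=remote_smtp"
}

sample_log | failed_auth_ips 10   # prints 192.0.2.10
```

Counting per IP means an attacker cycling through user names from one address still reaches the threshold, which the per-line count would miss.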
