Hi Dean,

this sounds really good.
Could you please describe how this works? For example: after 15 failures the
client is blocked for 2 hours.
If you don't mind, a sample configuration file would be really helpful.
Thank you very much.

Regards
Torsten


Dean Brooks wrote:
> 
> Here's what we use to automatically control failed authentication
> attempts.
> If you have this in place, your server will automatically begin rejecting
> hosts that send repeated auth failure attempts.
> 
> You can change the BADAUTH_LIMIT macro to any rate you like, but we use
> 15 failed attempts in 2 hours as the threshold.
> 
> In the global config section of your config:
> 
>    BADAUTH_LIMIT = 15 / 2h
> 
>    acl_smtp_connect = check_connection
>    acl_smtp_quit = check_quit
>    acl_smtp_notquit = check_notquit
> 
> In the ACL section of your config:
> 
>    check_connection:
>        drop message   = Too many failed authentication attempts
>             ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address
> 
>    check_quit:
>        accept condition = ${if eq{$authentication_failed}{1}}
>               ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
> 
>    check_notquit:
>        accept condition = ${if eq{$authentication_failed}{1}}
>               ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
> 
> We need the rate limiting portion in BOTH the "quit" and "notquit" sections
> for this to work properly, as you don't know how the connection will
> end up closing.
> 
> You also don't want to put the ratelimiting in the RCPT or DATA section,
> because the connection will never get that far (they haven't
> authenticated!).
> You can't put it in the MAIL section either because, again, they haven't
> authenticated.
> 
> Thought someone else might find this useful.  Rate limits are fun.  :)
> 
> --
> Dean Brooks
> 

-- 
View this message in context: 
http://www.nabble.com/Drop-smtp-connection-before-authentication-tp24569739p26083523.html
Sent from the Exim Users mailing list archive at Nabble.com.


-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
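
To illustrate how the three ACLs in the quoted configuration interact, here is an added Python model (not part of the original thread and not Exim code). It assumes ratelimit's default leaky mode and an exponentially weighted moving average for the smoothed rate; the formula, the function names and the sample addresses are assumptions of this sketch.

```python
import math

PERIOD = 2 * 3600   # the "2h" in BADAUTH_LIMIT, in seconds
LIMIT = 15.0        # the "15" in BADAUTH_LIMIT

def smoothed(rec, now):
    """Rate if one more event happened at `now` (assumed EWMA formula)."""
    if rec is None:
        return 1.0
    last, rate = rec
    x = max(now - last, 1e-9) / PERIOD
    a = math.exp(-x)
    return max((1 - a) / x + a * rate, 1.0)

def session(db, ip, now, auth_failed):
    """Run one connection through the three ACLs; return 'drop' or 'accept'."""
    key = "badauth:" + ip
    # check_connection: "/ noupdate /" reads the rate without storing it
    if smoothed(db.get(key), now) >= LIMIT:
        return "drop"
    # check_quit / check_notquit: only counted when $authentication_failed is 1
    if auth_failed:
        rate = smoothed(db.get(key), now)
        if rate < LIMIT:              # leaky mode: store only while under limit
            db[key] = (now, rate)
    return "accept"

def replay(events):
    """events: (seconds, ip, auth_failed) tuples in time order."""
    db = {}
    return [session(db, ip, t, failed) for t, ip, failed in events]

# Constructed sample: one host failing AUTH every 10 s, one host that logs in fine.
BAD, GOOD = "203.0.113.9", "198.51.100.7"
EVENTS = [(10 * i, BAD, True) for i in range(20)]
EVENTS += [(200 + i, GOOD, False) for i in range(30)]
# The failing host comes back 5 and 10 minutes after its last counted failure.
EVENTS += [(140 + 300, BAD, True), (140 + 600, BAD, True)]

if __name__ == "__main__":
    for (t, ip, failed), verdict in zip(EVENTS, replay(EVENTS)):
        print(f"t={t:>4}s {ip:<13} auth_failed={failed!s:<5} {verdict}")
```

In this model a host stays dropped only until its smoothed rate decays back below 15, which is why the constructed host is still refused 5 minutes after its last counted failure but accepted after 10. Successful logins never touch the counter, because the quit and notquit ACLs only reach the ratelimit condition when authentication failed.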
