On Tue, 7 Jun 2011, lee wrote:

> From: lee <[email protected]>
> To: exim-users <[email protected]>
> Date: Tue, 7 Jun 2011 22:26:38
> Subject: [exim] automatically blacklisting clients that fail SMTP
> authentication
>
> is it possible to automatically blacklist clients that repeatedly fail
> SMTP authentication? And if so, how is it done?

These are known as "brute-force" attacks. Attacks on ssh connections are the most frequent. This, and similar requests, come up at infrequent intervals. For example, see:

http://lists.pcre.org/lurker/message/20110128.171221.7fdc8151.nl.html

Others have suggested fail2ban. That will also do the job; we use it here to block ssh "brute-force" attacks on Linux boxes. And another Python script:

http://denyhosts.sourceforge.net/

to block ssh "brute-force" attacks on Solaris boxes. I quite like using sshguard:

http://www.sshguard.net/

Looks like sshguard will protect exim services.

As noted elsewhere in this chain, you may need to carefully consider whitelisting particular hosts, IP ranges. Otherwise you may find hosts being blocked when it really isn't a good idea to do so.

--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[email protected] Phone: +44 1225 386101

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
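
The log-watching approach these tools share, with the whitelisting caution from the reply built in, shown as an added example that is not part of the original message and is not code from fail2ban, DenyHosts or sshguard. The function name `offenders`, the thresholds and the sample lines are assumptions; the lines follow Exim's default main-log format for a failed authenticator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed Exim main-log lines (documentation address ranges only).
SAMPLE_LOG = """\
2011-06-07 22:00:00 plain_login authenticator failed for (slow) [198.51.100.4]: 535 Incorrect authentication data (set_id=bob)
2011-06-07 22:20:00 plain_login authenticator failed for (slow) [198.51.100.4]: 535 Incorrect authentication data (set_id=bob)
2011-06-07 22:26:01 plain_login authenticator failed for (pc) [203.0.113.9]: 535 Incorrect authentication data (set_id=admin)
2011-06-07 22:26:20 plain_login authenticator failed for ([198.51.100.4]) [203.0.113.9]: 535 Incorrect authentication data (set_id=root)
2011-06-07 22:26:30 plain_login authenticator failed for (office) [192.0.2.25]: 535 Incorrect authentication data (set_id=alice)
2011-06-07 22:26:40 plain_login authenticator failed for (office) [192.0.2.25]: 535 Incorrect authentication data (set_id=alice)
2011-06-07 22:27:05 plain_login authenticator failed for (pc) [203.0.113.9]: 535 Incorrect authentication data (set_id=test)
2011-06-07 22:27:10 plain_login authenticator failed for (office) [192.0.2.25]: 535 Incorrect authentication data (set_id=alice)
2011-06-07 22:40:00 plain_login authenticator failed for (slow) [198.51.100.4]: 535 Incorrect authentication data (set_id=bob)
"""

# The name in parentheses is the client-supplied HELO and may itself look like
# an address, so take only the bracketed address directly before the 535 reply.
FAIL_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for "
    r".*?\[([0-9A-Fa-f:.]+)\]: 535 ")

def offenders(log_text, max_failures=3, window=timedelta(minutes=10), whitelist=()):
    """Map each non-whitelisted IP to the time it reached max_failures
    failed AUTH attempts inside a sliding window (log in time order)."""
    nets = [ip_network(n) for n in whitelist]
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        try:
            addr = ip_address(m.group(2))
        except ValueError:        # bracket content was not a valid address
            continue
        if any(addr in net for net in nets):
            continue              # never count hosts we must not block
        q = recent[addr]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= max_failures:
            flagged.setdefault(str(addr), when)
    return flagged
```

With `whitelist=["192.0.2.0/24"]` the office host's three mistyped passwords are ignored, while without it that host would be flagged alongside 203.0.113.9.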
