On Wednesday, July 25, 2012 at 15:08:00 UTC, [email protected] confabulated:
> On 25.07.2012 at 16:33, [email protected] wrote:
>> 2012-07-25 07:09:11 plain authenticator failed for ([192.168.0.232])
>> [216.214.153.238]: 535 Incorrect authentication data (set_id=aidan)
>> http://www.mail-archive.com/[email protected]/msg41893.html
>> or the same message:
>> https://lists.exim.org/lurker/message/20120709.132921.ccaf55b3.en.html
>>
> acl_check_auth:
>   drop  message = authentication is allowed only once per message in order \
>                   to slow down bruteforce cracking
>         set acl_m_auth = ${eval10:0$acl_m_auth+1}
>         condition = ${if >{$acl_m_auth}{2}}
>         delay = 22s
>   drop  message = blacklisted for bruteforce cracking attempt
>         set acl_c_authnomail = ${eval10:0$acl_c_authnomail+1}
>         condition = ${if >{$acl_c_authnomail}{4}}
>         continue = ${run{SHELL -c "echo $sender_host_address \
>            >>$spool_directory/blocked_IPs; \
>            \N{\N echo Subject: $sender_host_address blocked; echo; echo \
>            for bruteforce auth cracking attempt.; \
>            \N}\N | EXIMBINARY WARNTO"}}
> ...
> It looks like the answer, thanks.
> If I understood it correctly, this will create a file for each blocked
> IP and check later if it exists.

Incorrect. Only one file is used. Notice the double '>>'. Each IP is written to 'blocked_IPs'. The lookup is done somewhere else (I use the connect ACL).

> Just for the record, if you send the IP to your firewall, you won't need
> to check for the files later.
> Each check generates unnecessary IO, hopefully in the cache, but it must
> not be cached already.
> If it's firewalled, the spammer can't DoS the system with requests from
> already blocked IPs.
> If the production system has a thousand and more accounts/domains on it,
> the IO part will become
> vital. The server of my last employer was rated up to 500.000 mails a
> day by spamcop and trust me,
> you do not want to check those blocked IPs with a file.exists() call :)
> Marius

-- 
If at first you don't succeed...
...so much for skydiving.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
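
Added example (not part of the original thread and not Exim's own code): one way to combine the two approaches discussed above is to turn the single append-only blocked_IPs file into input for `ipset restore`, so the firewall does the lookup instead of a per-connection file read. The set names are hypothetical, the sample file content is constructed, and a firewall rule that references the sets is assumed to exist.

```python
import ipaddress

# Constructed sample of a blocked_IPs file: one address per line, as the
# quoted ACL's `echo $sender_host_address >>...` would append them.
SAMPLE = """\
198.51.100.23
203.0.113.7
198.51.100.23

2001:db8::25
not-an-ip
"""

def load_blocked(lines):
    """Return (ipv4, ipv6) sorted lists of unique, valid addresses."""
    seen = set()
    for raw in lines:
        text = raw.strip()
        if not text:
            continue
        try:
            seen.add(ipaddress.ip_address(text))
        except ValueError:
            continue  # never pass unparsed text on to the firewall
    v4 = sorted(a for a in seen if a.version == 4)
    v6 = sorted(a for a in seen if a.version == 6)
    return [str(a) for a in v4], [str(a) for a in v6]

def ipset_restore(v4, v6, name="exim_blocked"):
    """Build input for `ipset restore`; the set names are hypothetical."""
    out = []
    for family, suffix, addrs in (("inet", "4", v4), ("inet6", "6", v6)):
        # -exist makes the commands safe to replay on every run
        out.append(f"create {name}{suffix} hash:ip family {family} -exist")
        out.extend(f"add {name}{suffix} {a} -exist" for a in addrs)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    v4, v6 = load_blocked(SAMPLE.splitlines())
    print(ipset_restore(v4, v6), end="")
```

Because every command carries `-exist`, the output can be regenerated from the whole file and replayed periodically without tracking which lines are new.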
