On 6 Jun 2013, at 19:52, Marc Perkel <[email protected]> wrote:

> Suppose we reconfigured servers with no authentication configuration to 
> advertise that they take authentication and that you have a fake 
> authenticator that accepts any password. 

It might be better to accept only, say, 1% of authentication attempts. That 
would prevent the hacker from trivially detecting your trap (by authenticating 
to the same account with two different passwords).  You could use the rate 
limit facility to increase the likelihood of success. Exim doesn't have, as far 
as I know, a random number generator, but you could perhaps use a hash of the 
username/password/date string.

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
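
The hash-of-username/password/date idea from the message above, modelled in Python as an added example; it is not part of the original post and is not Exim configuration. The HMAC site secret and the names `trap_accepts` and `accepted_passwords` are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

# Assumption: a per-site secret so outsiders cannot precompute which guesses pass.
SITE_SECRET = b"constructed-example-secret"
ACCEPT_PER_10K = 100  # 100 in 10,000 = 1% of attempts


def trap_accepts(username: str, password: str, day: date,
                 secret: bytes = SITE_SECRET,
                 accept_per_10k: int = ACCEPT_PER_10K) -> bool:
    """Deterministic stand-in for a random 1% draw.

    The same username/password/date always gives the same answer, so a
    retry with identical credentials behaves like a real account would.
    """
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (username.encode(), password.encode(),
                     day.isoformat().encode())
    )
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # First 8 bytes as an integer; modulo bias is negligible at 2**64.
    bucket = int.from_bytes(digest[:8], "big") % 10_000
    return bucket < accept_per_10k


def accepted_passwords(username: str, candidates, day: date):
    """Return the candidate passwords the trap would accept on `day`."""
    return [p for p in candidates if trap_accepts(username, p, day)]


if __name__ == "__main__":
    day = date(2013, 6, 6)
    guesses = [f"guess{i}" for i in range(20_000)]  # constructed sample input
    hits = accepted_passwords("alice", guesses, day)
    print(f"{len(hits)} of {len(guesses)} guesses accepted "
          f"({100 * len(hits) / len(guesses):.2f}%)")
    if hits:
        # An accepted password keeps working that day; the date changes the draw.
        print("repeat accepted:", trap_accepts("alice", hits[0], day))
        print("next day:", trap_accepts("alice", hits[0], date(2013, 6, 7)))
```

Because the date is part of the hashed string, the set of accepted passwords for an account changes each day while staying stable within a day.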
