On Sat, Jun 29, 2013 at 5:24 AM, <[email protected]> wrote:
>
> How to block stolen passwords automatically:
> https://github.com/Exim/exim/wiki/BlockCracking

Lena, one corner case of this is when a legitimate user has one device with the wrong password.

Picture a typical small office where two or three people are using a small NAT router to connect to their business-class DSL. One person changes their password and fixes it on their iPhone because they have to leave to go do something. They leave. Their Outlook is still open on their computer, and someone comes by to check something in the email. Outlook doesn't seem to be working right, so they hit the Send/Receive button multiple times. On the Exim server, the limit for bad user/pass combinations gets hit and the IP gets added to the blacklist. Now the whole office is blocked from sending email.

I'd like to ponder whether there is a way to detect that the same incorrect password is being sent over and over (indicating a misconfigured device) as opposed to random passwords (indicating brute forcing). To my knowledge, neither the actual password nor a hash of it is made available anywhere except to the authenticator section. Can you dream up any sequence that could be used to capture a hash of that password, store it, and then use it to compare subsequent attempts?

I'm thinking in pseudo-code:

    if this_password_hash != last_password_hash
        increment brute_force_counter like normal
    else
        increment misconfigured_device_counter
        if misconfigured_device_counter > $LIMIT
            do something

I'm not as interested in the storage of the counter (I'm going to be using memcache instead of a local file/mysql), but I am interested in the logic used to achieve this. If it can be done...

...Todd

--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
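The counter logic sketched in the pseudo-code above, written out as an added Python example that is not part of the original post or of the BlockCracking wiki recipe. It assumes the caller (e.g. whatever hooks the authenticator's failure path) can hand it the source IP, username and attempted password; the store is an in-memory dict standing in for memcache, the limits and the keyed-digest secret are constructed values, and the "block"/"notify" return strings are placeholders for the real blacklist and alerting actions.

```python
import hashlib
import hmac
from collections import defaultdict

BRUTE_FORCE_LIMIT = 5       # distinct wrong passwords per IP before blocking
MISCONFIGURED_LIMIT = 20    # repeats of one wrong password before alerting
# Constructed demo secret: keying the digest keeps the stored value from being
# a bare password hash that could be cracked offline if the store leaks.
SERVER_SECRET = b"constructed-demo-secret"


def password_digest(password: str) -> str:
    """Keyed digest of the attempted password; only this value is stored."""
    return hmac.new(SERVER_SECRET, password.encode(), hashlib.sha256).hexdigest()


class AuthFailureTracker:
    """Per-IP counters, with the last wrong digest remembered per username."""

    def __init__(self):
        self.state = defaultdict(lambda: {"last": {}, "brute": 0, "misconf": 0})

    def record_failure(self, ip: str, user: str, password: str) -> str:
        s = self.state[ip]
        digest = password_digest(password)
        if s["last"].get(user) == digest:
            s["misconf"] += 1          # same wrong password again: stuck client
        else:
            s["brute"] += 1            # new wrong password: guessing pattern
        s["last"][user] = digest
        if s["brute"] > BRUTE_FORCE_LIMIT:
            return "block"             # feed the IP to the blacklist
        if s["misconf"] > MISCONFIGURED_LIMIT:
            return "notify"            # tell the user; do not block the office
        return "ok"

    def record_success(self, ip: str, user: str) -> None:
        """A good login clears the stale digest so later failures start fresh."""
        self.state[ip]["last"].pop(user, None)
        self.state[ip]["misconf"] = 0


def simulate(attempts):
    """Run constructed (ip, user, password) failures through a fresh tracker."""
    tracker = AuthFailureTracker()
    return [tracker.record_failure(ip, user, pw) for ip, user, pw in attempts]


# Constructed sample: a stuck Outlook client versus a guesser behind one NAT IP.
STUCK_CLIENT = [("203.0.113.10", "alice", "OldPassw0rd")] * 8
GUESSER = [("198.51.100.7", "bob", f"guess{i}") for i in range(7)]
```

The stuck client only ever adds one to the brute-force counter, so the office keeps sending; a guesser cycling passwords trips the block on the sixth distinct attempt.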
