On 2013-06-29, Todd Lyons <[email protected]> wrote:
> On Sat, Jun 29, 2013 at 5:24 AM, <[email protected]> wrote:
>>
>> How to block stolen passwords automatically:
>> https://github.com/Exim/exim/wiki/BlockCracking
>
> Lena, one corner case of this is when a legitimate user has one device
> with the wrong password. Picture a typical small office where two or
> three people using a small NAT router to connect to their business
> class DSL. One person changes their password and they fix it on their
> iPhone because they have to leave to go do something. They leave.
> Their Outlook is still open on their computer and someone comes by to
> check something in the email. Outlook doesn't seem to be working
> right so they hit the Send/Receive button multiple times. On the Exim
> server, the limit for bad user/pass combination gets hit and the IP
> gets added to the blacklist. Now the whole office is blocked from
> sending email.
>
> I'd like to ponder if there is a way to detect that the same incorrect
> password is being sent over and over (indicating a misconfigured
> device) as opposed to random passwords (indicating brute forcing).

In general no. In the special case where you have disabled the secure
authentication methods (CRAM-MD5 etc...) then yes.

-- 
⚂⚃ 100% natural

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
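
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not Exim code: with PLAIN/LOGIN the server sees the attempted password and can count distinct wrong credentials per IP, while a CRAM-MD5 response changes with every challenge and cannot be compared. `FailureTracker`, its threshold and all sample addresses and passwords are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Per-process secret: a wrong password is often a near miss of the real one,
# so only a keyed fingerprint is kept, and only in memory.
_FP_KEY = os.urandom(32)


def fingerprint(user: str, password: str) -> bytes:
    """Keyed fingerprint of a failed credential seen in the clear (PLAIN/LOGIN)."""
    msg = user.encode() + b"\0" + password.encode()
    return hmac.new(_FP_KEY, msg, hashlib.sha256).digest()


def cram_md5_response(password: str, challenge: bytes) -> str:
    """Digest a client sends for CRAM-MD5 (RFC 2195): HMAC-MD5 keyed by the password."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


class FailureTracker:
    """Counts distinct wrong credentials per IP instead of raw failure count."""

    def __init__(self, max_distinct: int = 3):
        self.max_distinct = max_distinct
        self.seen = defaultdict(set)  # ip -> set of credential fingerprints

    def record_failure(self, ip: str, user: str, password: str) -> bool:
        """Record one failed PLAIN/LOGIN attempt; True means the IP should be blocked."""
        self.seen[ip].add(fingerprint(user, password))
        return len(self.seen[ip]) > self.max_distinct


if __name__ == "__main__":
    office = FailureTracker()
    # Stale mail client behind the office NAT: same wrong password, ten retries.
    stale = [office.record_failure("203.0.113.7", "alice", "old-pass") for _ in range(10)]
    print("stale device blocked:", any(stale))

    guesser = FailureTracker()
    # Guessing: every attempt is a different credential.
    guesses = [guesser.record_failure("198.51.100.9", "alice", p)
               for p in ("a1", "b2", "c3", "d4")]
    print("guessing blocked:", guesses[-1])

    # CRAM-MD5: the same wrong password yields unrelated digests per challenge,
    # so the server has nothing stable to compare across attempts.
    print(cram_md5_response("old-pass", b"<1.1372500000@mx.example>"))
    print(cram_md5_response("old-pass", b"<2.1372500060@mx.example>"))
```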
