On Tue, Feb 4, 2014 at 5:42 AM, <[email protected]> wrote: >> From: Todd Lyons > >> > https://github.com/Exim/exim/wiki/BlockCracking >> >> Lena, exim 4.82 contains a new expansion $authenticated_fail_id which >> you might be able to use in your smtp_quit and smtp_not_quit ACL's to >> further refine which connections get used as input to the blocking >> logic. > > 4.82 has also ${acl{ expansion item. I use it in current version > of the code at the above URL. $authenticated_fail_id contains username only. > Using ${acl{ , I grab password too (in PLAIN and LOGIN authenticators). > So, the current version of my code can distinguish the same wrong password > tried multiple times (benign) from trying multiple passwords > for the same username (cracking attempt).
> Current version of my code does all that with both PLAIN and LOGIN. Very nice, I had not checked the wiki to see if it was updated. I am updating my servers now! ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
