On Tue, Feb 4, 2014 at 6:45 AM, Todd Lyons <[email protected]> wrote: > On Tue, Feb 4, 2014 at 5:42 AM, <[email protected]> wrote: >>> From: Todd Lyons >> >>> > https://github.com/Exim/exim/wiki/BlockCracking >>> >>> Lena, exim 4.82 contains a new expansion $authenticated_fail_id which >>> you might be able to use in your smtp_quit and smtp_not_quit ACL's to >>> further refine which connections get used as input to the blocking >>> logic. >> >> 4.82 has also ${acl{ expansion item. I use it in current version >> of the code at the above URL. $authenticated_fail_id contains username only. >> Using ${acl{ , I grab password too (in PLAIN and LOGIN authenticators). >> So, the current version of my code can distinguish the same wrong password >> tried multiple times (benign) from trying multiple passwords >> for the same username (cracking attempt). > >> Current version of my code does all that with both PLAIN and LOGIN. > > Very nice, I had not checked the wiki to see if it was updated. I am > updating my servers now!
I have slowed down and am studying it instead of rolling out changes. You moved the shell command into different ACLs and I have to fully grok it before I can put it on a production machine. As usual, an excellent piece of work Lena. ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
