On Tue, Jan 12, 2016 at 08:25:53AM -0800, Richard Doyle wrote:
> > (I believe it's not even trying to send mail, but instead is trying
> > a brute force SMTP AUTH attack.)
> This works for me. In acl_smtp_auth:
> drop condition = ${if match{$sender_helo_name}{ylmf-pc}{yes}{no}}

Don't even advertise AUTH to potential abusers...

# Blacklist
auth_advertise_hosts =\
  ${if and {\
    { eq {$received_port}{587}}\
    { !inlist {$sender_helo_name}\
      {ylmf-pc:other.bogus.heloname}}\
    }\
    {*}{}\
  }

or...

# Whitelist
auth_advertise_hosts =\
  ${if and {\
    { eq {$received_port}{587}}\
    { inlist {$sender_helo_name}\
      {my.golden.pc:other.golden.heloname}}\
    }\
    {*}{}\
  }

Steve
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
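
An added example, not part of the original message: one way to find HELO names worth putting in the blacklist above, by tallying failed AUTH attempts per HELO name from the Exim main log. The log lines are constructed and their layout is an assumption; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the style of Exim mainlog "authenticator failed" lines.
# The layout is an assumption; it varies by Exim version, so adjust FAILED_RE.
SAMPLE_LOG = """\
2016-01-12 08:25:53 login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=admin)
2016-01-12 08:25:59 login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=test)
2016-01-12 08:26:04 login authenticator failed for (ylmf-pc) [198.51.100.7]: 535 Incorrect authentication data (set_id=info)
2016-01-12 08:27:11 plain authenticator failed for H=(ylmf-pc) [203.0.113.5]: 535 Incorrect authentication data (set_id=root)
2016-01-12 09:02:40 plain authenticator failed for laptop.example.org (laptop) [192.0.2.77]: 535 Incorrect authentication data (set_id=alice)
2016-01-12 09:14:02 login authenticator failed for (a}{b) [198.51.100.9]: 535 Incorrect authentication data (set_id=x)
2016-01-12 09:14:03 login authenticator failed for (a}{b) [198.51.100.9]: 535 Incorrect authentication data (set_id=y)
2016-01-12 09:14:04 login authenticator failed for (a}{b) [198.51.100.9]: 535 Incorrect authentication data (set_id=z)
"""

FAILED_RE = re.compile(
    r"authenticator failed for (?:H=)?(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]")
# HELO text is client-controlled: only plain hostname characters may be pasted
# into an Exim expansion, where {, }, $, \ and : have special meaning.
SAFE_HELO = re.compile(r"[A-Za-z0-9._-]+")

def helo_failures(log_text):
    """Map each HELO name to (failed AUTH count, distinct client IP count)."""
    counts, ips = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m["helo"]] += 1
            ips.setdefault(m["helo"], set()).add(m["ip"])
    return {h: (n, len(ips[h])) for h, n in counts.items()}

def blacklist_candidates(log_text, min_failures=3, allow=()):
    """HELO names with repeated failures that are safe to paste into a list."""
    return sorted(h for h, (n, _) in helo_failures(log_text).items()
                  if n >= min_failures and h not in allow and SAFE_HELO.fullmatch(h))

def exim_inlist(names):
    """Join names as the colon-separated second argument of inlist."""
    return ":".join(names)

if __name__ == "__main__":
    for helo, (n, ip_n) in sorted(helo_failures(SAMPLE_LOG).items()):
        print(f"{helo!r}: {n} failures from {ip_n} address(es)")
    print("inlist value:", exim_inlist(blacklist_candidates(SAMPLE_LOG)))
```

Names are kept exactly as logged because inlist compares case-sensitively; a HELO name that fails the SAFE_HELO check is reported by helo_failures but never emitted for the config.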