Hello! On Wed, 29 Nov 2017 at 13:23:55 (+0000), Emanuel Gonzalez wrote:
> I use fail2ban with iptables to block the brute-force attack, but on some > virtual servers I do not use iptables. > 2017-11-29 09:40:56 fixed_login authenticator failed for (shkhHHO7Wf) > [220.164.38.211]: 535 Incorrect authentication data (set_id=zu) > 2017-11-29 09:41:11 fixed_login authenticator failed for (7ouBtZ1fzi) > [220.164.38.211]: 535 Incorrect authentication data (set_id=zu) > 2017-11-29 09:41:29 fixed_login authenticator failed for (ADM-TRIANON) > [200.9.221.213]: 535 Incorrect authentication data > ([email protected]) > 2017-11-29 09:42:25 fixed_login authenticator failed for (ADMIN) > [52.175.18.205]: 535 Incorrect authentication data > ([email protected]) > Is it possible to block these attacks through some rule from exim? You can use fail2ban to add attackers IPs to a file which would be used as a hostlist in a drop or deny acl (or using tcpwrappers if exim is built with TCPwrappers support). -- George L. Yermulnik [YZ-RIPE] -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
