On Tuesday, 19 February 2019, 15:57:07 CET, Sebastian Nielsen via Exim-users wrote:
> Most better firewalls do have a built-in country/GeoIP database, if not,
> you can easily add one.

GeoIP is far from "reliable" for any SMTP/MTA, as there is no geolocation of an IP address. It offers only a "probably in this country" info in context of an IP address (user). This means the amount of false positives in practice is significant, except if users came from "known" AS networks or RIR assignments / route info. So this may (!) help/work in small and/or very defined network topologies.

I know the situation in Germany is a bit different, as the internet topology / "market" is very "centralized" here, but even in Germany many less known IP access products / services available get "geo-resolved" over other (usually western) countries / regions by GeoIP (even the commercial version). I know from many African and Asian Mail Providers who use "US", "European" or "Canadian" IPs for their service to get around "problems" with such Geo-blocking solutions.

Proper geolocation of IPs is a "science by itself", but still far from reliable. Many brute force attack attempts against our exim systems (Germany+Luxembourg) are currently coming from France and Germany today.

For smaller systems, solutions like fail2ban could help "far":
https://www.fail2ban.org/wiki/index.php/Exim

But even here: Be aware of possible "bad cases" where i.e. larger NAT networks "use" the service and "sloppy" user clients generate false positives.

Beside Exim functionality (see Exim DOS prevention - incl. resource "reserve" subsystem) firewall rules to slow out "too much" of new initiated sessions within a time window could help.

But brute force attacks are normal / usual on larger SMTP services today - important is to make it difficult to prevent any success of such attacks (even distributed ones) and "DOS effects" of them and similar attacks.

good luck,

niels.

--
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
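As an added illustration (not code from this thread, from fail2ban or from Exim): the sliding-window failure counting that fail2ban-style tools apply to Exim's main log, with an allowlist for known NAT ranges so that shared addresses are not flagged on counts alone. The log lines, addresses, thresholds and function names are constructed, and the distinct-username count is an assumed heuristic for telling one misconfigured client from password guessing.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed SMTP AUTH in Exim's mainlog; HELO is client-supplied, so anchor the IP before ": 535".
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for .*?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)?: 535 .*?(?:\(set_id=(?P<user>[^)]*)\))?$"
)

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10), trusted_nets=()):
    """Return {ip: distinct usernames tried} for hosts over the failure threshold."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> usernames seen in failed attempts
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        if any(ip in net for net in nets):
            continue  # known shared/NAT range: never flag on counts alone
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        users[ip].add(m["user"] or "")
        if len(q) >= max_failures:
            offenders[str(ip)] = len(users[ip])
    return offenders

def _line(ts, ip, user, helo="client"):  # builds one constructed log line
    return (f"{ts} plain_login authenticator failed for ({helo}) [{ip}]: "
            f"535 Incorrect authentication data (set_id={user})")

# Constructed sample: guessing run, NAT gateway with a stale password, slow trickle.
SAMPLE_LOG = sorted(
    [_line(f"2019-02-19 15:0{i}:00", "198.51.100.7", f"user{i}", "[192.0.2.1]") for i in range(5)]
    + [_line(f"2019-02-19 15:1{i}:30", "203.0.113.10", "alice") for i in range(6)]
    + [_line(f"2019-02-19 1{i}:00:00", "192.0.2.44", "bob") for i in range(5)]
)
if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG), find_offenders(SAMPLE_LOG, trusted_nets=["203.0.113.0/24"]))
```

Without the allowlist the NAT gateway is flagged alongside the guessing host, which is the false-positive case described above; the single username behind it is the only hint that it is a stale client rather than an attack.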
