Look who is trying to break into our system and how he does try it ...
2019-11-29 12:23:19 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="default\r\n" 2019-11-29 12:23:20 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="alpine\r\n" 2019-11-29 12:23:22 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="8888\r\n" 2019-11-29 12:23:23 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="7ujMko0admin\f\r\n" 2019-11-29 12:23:24 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "admin" H=[117.4.84.45] next input="12345\r\n" 2019-11-29 12:23:25 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "telecomadmin^P" H=[117.4.84.45] next input="telecomadmin\f\r\n" 2019-11-29 12:23:26 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="888888888\r\n" 2019-11-29 12:23:27 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="realtek\r\n" 2019-11-29 12:23:29 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="ding1234\f\r\n" 2019-11-29 12:23:30 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="444\r\n" which brings me to a quick question: has exim any build in support to protected privileged users like root from getting brute forced by this? Our Loginauthenticator won't let root be a valid user, so I'm not worried, but curios if any protection for know systems users has been added, besides the pam build in check for UID > 1000 ( on RH systems ). If not, take it as a Feature Request ;) And for anyone who's LoginAuthenticator uses PAM, you may wanne rethink your login-management. best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
