On 2023-06-04, Slavko via Exim-users <exim-users@lists.exim.org> wrote:

> On 4 June 2023 13:54:49 UTC, user Julian Bradfield via Exim-users <exim-users@lists.exim.org> wrote:
>
>> I'm a small MTA, handling only relatives and one small sports club.
>> So I'm not a particularly heavy target.
>
> Perhaps you may not be the target of a targeted attack, but...
>
> Have you properly set SPF/DKIM/DMARC and do not have a bad reputation? Then
> you are (or can be) a good target. How good a target you are, you can
> derive from the 12 000 blocked IPs daily.
>
> BTW, how many of them repeat every few days?
>
>> That's why I operate "one strike and you're out". This is occasionally
>> annoying when I'm setting up a new device and get the password wrong,
>> but I can live with that.
>
> Hmm, you can, but what about your other users? It doesn't matter how many
> users you have...
>
> I met a similar approach some years ago, at work with our email provider.
> One of our employees made a typo in his mail client password, and the whole
> company (behind NAT) was blocked... Some time passed until I realized
> that, then some time passed until the email provider investigated and
> solved it; nobody was happy...
>
> That is where identifying bad IPs can be important, as you can
> relatively safely apply the one-time approach to them and/or block them for
> a long time, and for others apply less strict rules.
>
> regards
>
> -- 
> Slavko
> https://www.slavino.sk
I use a strategy where repeated attempts with the same wrong password
(user-password-hash) are not punished further. I use an SQL database, but
the same thing could be done by using an inverse ratelimit on a hash of
user-password preceding the ratelimit on ip-address.

-- 
Jasen.
🇺🇦 Слава Україні
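The policy Jasen describes, written out as a runnable sketch. This is an added example, not Jasen's SQL setup or anyone's Exim configuration from the list: it keeps the per-IP table in memory instead of SQL, uses an assumed limit of three distinct wrong credentials per hour, and keys the stored hash with a constructed server secret (HMAC) so that the table of failed attempts cannot be used to recover the near-correct passwords that people mistype. The IP addresses and passwords in the scenarios are constructed.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Assumed policy values (not from the thread): an IP is over the limit once it
# has produced more than MAX_DISTINCT_FAILURES distinct failed user/password
# pairs within WINDOW_SECONDS.
MAX_DISTINCT_FAILURES = 3
WINDOW_SECONDS = 3600

# Constructed secret: a keyed hash means the stored keys cannot be used to
# recover the (often nearly correct) passwords that users mistyped.
HMAC_KEY = b"replace-with-a-per-server-secret"


def credential_key(user: str, password: str) -> str:
    """Keyed hash of user+password; every retry of the same typo maps to one key."""
    msg = f"{user}\0{password}".encode()
    return hmac.new(HMAC_KEY, msg, hashlib.sha256).hexdigest()


class AuthFailureLimiter:
    """Per-IP limiter that counts distinct wrong credentials, not raw attempts."""

    def __init__(self, max_distinct=MAX_DISTINCT_FAILURES, window=WINDOW_SECONDS):
        self.max_distinct = max_distinct
        self.window = window
        # ip -> {credential_key: last_seen_timestamp}. In memory here; an SQL
        # table with the same columns would serve the same purpose.
        self._seen = defaultdict(dict)

    def _prune(self, ip: str, now: float) -> None:
        """Forget credential keys not seen within the window."""
        keys = self._seen[ip]
        for stale in [k for k, t in keys.items() if now - t > self.window]:
            del keys[stale]

    def distinct_failures(self, ip: str, now: float = None) -> int:
        """Number of distinct wrong credentials seen from ip inside the window."""
        now = time.time() if now is None else now
        self._prune(ip, now)
        return len(self._seen[ip])

    def record_failure(self, ip: str, user: str, password: str,
                       now: float = None) -> bool:
        """Register one failed login. Returns True if ip is now over the limit.

        The lookup on the credential hash is the "inverse ratelimit": a key
        already present in the window is a repeat of the same wrong password
        and adds no new strike. Only a new key counts against the IP limit.
        """
        now = time.time() if now is None else now
        self._prune(ip, now)
        keys = self._seen[ip]
        key = credential_key(user, password)
        keys[key] = now  # repeat: timestamp refreshed, no new entry
        return len(keys) > self.max_distinct


if __name__ == "__main__":
    lim = AuthFailureLimiter()
    # Constructed scenario 1: a mail client retrying one mistyped password.
    over = False
    for i in range(50):
        over = lim.record_failure("198.51.100.7", "alice", "hunter3", now=1000 + i)
    print("typo client over limit:", over,
          "distinct:", lim.distinct_failures("198.51.100.7", 1050))
    # Constructed scenario 2: a host cycling through different passwords.
    for i, pw in enumerate(["123456", "password", "letmein", "qwerty"]):
        over = lim.record_failure("203.0.113.9", "alice", pw, now=2000 + i)
    print("guessing host over limit:", over)
```

The misconfigured client in scenario 1 never gets blocked no matter how often it retries, because its fifty attempts collapse to a single credential key; the host in scenario 2 trips the limit on its fourth distinct password. Blocking decisions should also consult distinct_failures() before the authentication exchange, so a host already over the limit is refused without a further lookup.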