Mikhail,
Mikhail Golub via Exim-users (Do 28 Nov 2019 14:48:51
CET):
>
> > > ARC problem?
> >
> > Looks like. Presumably the massage is still in your
> > spool and the problem can be repeated with it?
>
> No message in spool.
> Today i disable ARC and force message delivery. Message sent.
>
Hi Haines,
Haines Brown via Exim-users (Sa 30 Nov 2019 19:41:11 CET):
> Of late (perhaps since October?) I've received random messages like
> this:
>
> > Date: Fri, 29 Nov 2019 21:30:34 -0500
> > From: Mail Delivery System
> > To: postmas...@engels.histomat.net
> > Subject: Message frozen
>
On 02/12/2019 13:40, Cyborg via Exim-users wrote:
> So, the answere is "no, there is no way to intercept here."
I did not say that; please do not put words into my mouth.
The item you showed the log line for _was_ an interception.
--
Cheers,
Jeremy
--
## List details at
On Dec 02, Cyborg via Exim-users wrote
> It was only a small example, the logfiles are full of it.
>
> And by blocking, I mean "blocking in the entire cluster" ;)
Why not use Fail2Ban?
https://www.fail2ban.org/wiki/index.php/Main_Page
I have it running with the default exim jail, with
On 2 Dec 2019, at 13:40, Cyborg via Exim-users wrote:
> So, the answere is "no, there is no way to intercept here." Is ok, take
> it as a FeatureRequest ;)
Jeremy’s answer was quite clear: use a DB backend such as a ratelimit DB.
I’ve been doing that for years - more than N failed auths in X
Am 02.12.19 um 11:48 schrieb Jeremy Harris via Exim-users:
> On 02/12/2019 10:23, Cyborg via Exim-users wrote:
>> That an ip is trying to abuse the auth mechanics and producing a lot of
>> "protocol synchronization error" messages,
>> as normal clients won't do.
> You say "an IP" but you also
Am 30.11.19 um 19:41 schrieb Haines Brown via Exim-users:
>
>> The following address(es) have yet to be delivered:
>>dng-boun...@lists.dyne.org: SMTP error from remote mail server
>> after pipelined
>> MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is
>> prohibited through this
On 30/11/2019 18:41, Haines Brown via Exim-users wrote:
> Of late (perhaps since October?) I've received random messages like
> this:
>
>> Date: Fri, 29 Nov 2019 21:30:34 -0500
>> From: Mail Delivery System
>> To: postmas...@engels.histomat.net
>> Subject: Message frozen
>>
>> Message
Of late (perhaps since October?) I've received random messages like
this:
> Date: Fri, 29 Nov 2019 21:30:34 -0500
> From: Mail Delivery System
> To: postmas...@engels.histomat.net
> Subject: Message frozen
>
> Message 1iasWk-0004Ya-NP has been frozen (delivery error message).
> The sender
On 02/12/2019 10:23, Cyborg via Exim-users wrote:
> That an ip is trying to abuse the auth mechanics and producing a lot of
> "protocol synchronization error" messages,
> as normal clients won't do.
You say "an IP" but you also said "botnet". If the botnet is
only using IP's once, you won't do
Am 02.12.19 um 11:08 schrieb Jeremy Harris via Exim-users:
>> Is it possible to detect it in an ACL before exim itself rejects the
>> client by the default number of protocol violations?
> Detect what, precisely?
That an ip is trying to abuse the auth mechanics and producing a lot of
"protocol
On 02/12/2019 08:23, Cyborg via Exim-users wrote:
> This seems to be the newest brute force tactic:
>
> 2019-12-01 23:43:10 SMTP protocol synchronization error (next input sent
> too soon: pipelining was not advertised): rejected "root"
> H=node-1am2.pool-101-51.dynamic.totinternet.net
Am 01.12.19 um 14:48 schrieb Jeremy Harris via Exim-users:
> On 29/11/2019 17:43, Cyborg via Exim-users wrote:
>> which brings me to a quick question: has exim any build in support to
>> protected privileged users like root from getting brute forced by this?
> Exim provides a toolkit; it's up to
13 matches
Mail list logo