> How to catch brute foce smtp auth attempts only? (== bad login or
> password provided)
https://github.com/Exim/exim/wiki/BlockCracking
> Condition like:
>
> ${if eq{$authentication_failed}{1}}
>
> doesn't work because it also catches cases where client cancelled smtp
> auth attempt (rfc2554
On 12/04/2022 08:24, Arkadiusz Miśkiewicz via Exim-users wrote:
How to catch brute foce smtp auth attempts only? (== bad login or
password provided)
Ideas?
server_condition = ${acl {auth_check} {$auth2}{$auth3}}
--
Cheers,
Jeremy
--
## List details at
Hello.
How to catch brute foce smtp auth attempts only? (== bad login or
password provided)
Condition like:
${if eq{$authentication_failed}{1}}
doesn't work because it also catches cases where client cancelled smtp
auth attempt (rfc2554 and "*").
Exim internally sees difference:
535
