Am 01.12.19 um 14:48 schrieb Jeremy Harris via Exim-users: > On 29/11/2019 17:43, Cyborg via Exim-users wrote: >> which brings me to a quick question: has exim any build in support to >> protected privileged users like root from getting brute forced by this? > Exim provides a toolkit; it's up to you to write your config to > support your needs. Builtin stuff is more at the level of > violations of documented SMTP protocol. >
This seems to be the newest brute force tactic: 2019-12-01 23:43:10 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=node-1am2.pool-101-51.dynamic.totinternet.net [101.51.235.250] next input="999999999\r\n" executed with a badly written script :) but, as a bot net did it, it badly hurt a small vm and blocking the attackers would be nice. @Jeremy: Is it possible to detect it in an ACL before exim itself rejects the client by the default number of protocol violations? Besides the options for the smtp error limits, i did not find a way. Maybe i missed something? best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
