Cyborg via Exim-users <[email protected]> (Tue 03 Dec 2019 10:19:33 CET):
> > With your approach this IP will be whitelisted, given that at least one
> > device is able to log in successfully.
>
> I don't think you thought this through to the end... this is the consequence:
>
> "At my local network, I can bruteforce the mailserver accounts, because
> one of the clients logged in successfully."

Brute force shouldn't be a problem if your passwords are secure. If behind a given IP is a good client, they deserve trust to a limited extent. Still not allowing the majority of IPs to brute force my accounts and thus spamming my logs.

> Nothing you really want to make possible. Don't do this.
>
> Blocking IPs is also an early warning system, which detects mistakes
> very fast. It hurts when it hits, but it speeds up the fix also.

If you ever changed a password and there is any "autologin" client not knowing the updated password, you're in trouble with blocking the auth-failed-IP.

--
Heiko
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
