On 25/01/2021 10:36, Cyborg via Exim-users wrote:
2021-01-25 10:15:47 H=<HOSTNAME> (EHLO STRING) [IP ADDRESS]
X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN BASE64STRING :
authentication is allowed only once per message in order to slow down bruteforce
cracking
This config part:
acl_check_auth:
drop message = authentication is allowed only once per message in order \
to slow down bruteforce cracking
I don't see a good reason to print that info into the log, as in the case I
found, the mailclient just made a mistake and it was not an attacker.
We do avoid logging the equivalent on outgoing... I guess that case was more
obviously
"our" sensitive info. I agree this could do with attention.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
