On 11/05/2023 18:28, Slavko via Exim-users wrote:
> By the docs, the default smtp_accept_max is 20; I have set it to a higher value already, but that doesn't matter, as I see that the attacker has many thousands of IPs available. Thus I wonder that it would be able to reach that limit any time it wants, just by opening many connections and abandoning them, thus effectively running a DDoS against the MSA. I haven't met that DDoS yet, but I wonder about it -- is my wondering real or am I too paranoid?
The _max option is there to cap the load imposed on the system; a DDOS is possible whether you have that cap or not (though a DOS becomes easier if you limit to lower than the ultimate system capability). It's not related to authentication, really, unless your system *only* handles MSA work. One might imagine a per-port cap... but the implementation feels problematic at first glance; you really don't want to be doing an expensive expansion in the daemon loop.
> is there a way to drop these policy-blocked logins to prevent connection timeouts
If your authenticator has an expansion which determines this policy condition, what happens if you use an acl expansion component which does a "drop"? I've not tried this; no idea if it functions.
--
Cheers,
Jeremy