Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

Drop smtp connection before authentication

  

 
First page Previous page 1 2 Next page Last page  View All exim users RSS feed   Index | Next | Previous | View Threaded


peter at bowyer

Oct 30, 2009, 4:08 AM

Post #26 of 29 (162 views)
Permalink
Re: Drop smtp connection before authentication [In reply to]
2009/10/30 Ted Cooper <eximX0902w[at]linuxwan.net>:
> On Fri, 2009-10-30 at 09:48 +0000, Peter Bowyer wrote:
>> You can't get the staff, can you.....
>
> Leave my hero alone :P
>
> I have been incredibly pleased to see how many patches and bug fixes
> Nigel and others have gone through in the last few weeks.
>
> If only I still had the time to throw at email as I used to - I thank
> those who do and continue to do so.

Couldn't agree more. I have almost no time for such things, and
contribute by helping moderate the mailing lists - Nigel has
unexpectedly had time on his hands recently and, fortunately for Exim,
has spent a good deal of it on bug-bashing.


--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


jpm at retail-sc

Oct 30, 2009, 4:37 AM

Post #27 of 29 (162 views)
Permalink
Re: Drop smtp connection before authentication [In reply to]
> Leave my hero alone :P

Hear, hear!

-JP



--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


nigel.metheringham at dev

Oct 30, 2009, 8:29 AM

Post #28 of 29 (161 views)
Permalink
Re: Drop smtp connection before authentication [In reply to]
On 30 Oct 2009, at 11:00, Ted Cooper wrote:

> Leave my hero alone :P

I'm touched (in so many meanings of the word).

> I have been incredibly pleased to see how many patches and bug fixes
> Nigel and others have gone through in the last few weeks.

and soon I should get the idea of doing commits against the right bug
number.

> If only I still had the time to throw at email as I used to - I thank
> those who do and continue to do so.

In general I don't. Currently I am laid up at home, so unusually do
have some spare time... We still need to encourage a bigger development
community.

Nigel.

--
[ Nigel Metheringham Nigel.Metheringham[at]InTechnology.com ]
[. - Comments in this message are my own and not ITO opinion/policy - ]


--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


t.baer at dokom

Oct 30, 2009, 11:57 AM

Post #29 of 29 (156 views)
Permalink
Re: Drop smtp connection before authentication [In reply to]
Thanks for your help, Dean.
This works really good!

Regards
Torsten
>> Well, the configuration is listed in its entirety below actually. Just
>> copy/paste each particular portion into the specified section.
>>
>> Note that I added the following line into the global section below:
>>
>> smtp_accept_max_nonmail = 5
>>
>> That will limit the number of failed auth attempts per connection and
>> the BADAUTH_LIMIT macro sets the number of connections that can fail
>> due to failed auth.
>>
>> How does it work? Essentially, when a connection ends, either the
>> check_quit or the check_notquit ACL is executed depending upon whether
>> it was a graceful disconnection or not. Either way, if it sees that
>> authentication failed in any way, it increments the "badauth" counter
>> that is keyed to the sender's IP address.
>>
>> When a new connection comes in, it checks the counter (without updating it)
>> to see if the limit has been hit within the BADAUTH_LIMIT timeframe.
>>
>> Here is the original config items:
>>
>>
>> In the global config section of your config:
>>
>> BADAUTH_LIMIT = 15 / 2h
>>
>> acl_smtp_connect = check_connection
>> acl_smtp_quit = check_quit
>> acl_smtp_notquit = check_notquit
>> smtp_accept_max_nonmail = 5
>>
>> In the ACL section of your config:
>>
>> check_connection:
>> drop message = Too many failed authentication attempts
>> ratelimit = BADAUTH_LIMIT / noupdate /
>> badauth:$sender_host_address
>>
>> check_quit:
>> accept condition = ${if eq{$authentication_failed}{1}}
>> ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>>
>> check_notquit:
>> accept condition = ${if eq{$authentication_failed}{1}}
>> ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>>
>
> --
> Dean Brooks
> dean[at]iglou.com
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

First page Previous page 1 2 Next page Last page  View All exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.