From ametzler at bebt.de  Sat Jan 11 12:29:20 2020
From: ametzler at bebt.de (Andreas Metzler)
Date: Sat, 11 Jan 2020 13:29:20 +0100
Subject: [Pkg-exim4-users] [m40636067@gmail.com: Protect against brute-force: how to use BADAUTH_LIMIT]
Message-ID: <20200111122920.GC1424@argenau.bebt.de>

----- Forwarded message from Brian Wengel -----

Date: Tue, 7 Jan 2020 00:31:20 +0100
From: Brian Wengel
Subject: Protect against brute-force: how to use BADAUTH_LIMIT
Message-ID:

I've read this thread:
https://lists.exim.org/lurker/message/20120709.015548.eb9d2ba2.en.html

This is what my "/etc/exim4/conf.d/acl/00_exim4-config_header" looks like:
----------------------------------------
BADAUTH_LIMIT = 5 / 2h
acl_smtp_connect = check_connection
acl_smtp_quit = check_quit
acl_smtp_notquit = check_notquit

begin acl

check_connection:
  drop message = Too many failed authentication attempts
       ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address

check_quit:
  accept condition = ${if eq{$authentication_failed}{1}}
         ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address

check_notquit:
  accept condition = ${if eq{$authentication_failed}{1}}
         ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
----------------------------------------

Now when I make a telnet connection to the server I get this error:
# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
550 Administrative prohibition
Connection closed by foreign host.

What did I do wrong?

Secondly, where could I have found information about BADAUTH_LIMIT etc?
Been searching the Debian readme and the upstream documentation file, but
couldn't find any.

----- End forwarded message -----
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From ametzler at bebt.de  Sat Jan 11 17:57:57 2020
From: ametzler at bebt.de (Andreas Metzler)
Date: Sat, 11 Jan 2020 18:57:57 +0100
Subject: [Pkg-exim4-users] Protect against brute-force: how to use BADAUTH_LIMIT
In-Reply-To:
References:
Message-ID: <20200111175757.GE1424@argenau.bebt.de>

On 2020-01-07 Brian Wengel wrote:
> I've read this thread:
> https://lists.exim.org/lurker/message/20120709.015548.eb9d2ba2.en.html

> This is what my "/etc/exim4/conf.d/acl/00_exim4-config_header" looks like:
> ----------------------------------------
> BADAUTH_LIMIT = 5 / 2h
> acl_smtp_connect = check_connection
> acl_smtp_quit = check_quit
> acl_smtp_notquit = check_notquit
>
> begin acl
>
> check_connection:
>   drop message = Too many failed authentication attempts
>        ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address
>
> check_quit:
>   accept condition = ${if eq{$authentication_failed}{1}}
>          ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
>
> check_notquit:
>   accept condition = ${if eq{$authentication_failed}{1}}
>          ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
> ----------------------------------------

... which will generate an invalid exim configuration. acl_smtp_connect
et al have to go into the main configuration setting. Please consult
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_runtime_configuration_file.html

Copying and pasting configuration snippets without properly
understanding them will bite you.

> Now when I make a telnet connection to the server I get this error:
> # telnet 127.0.0.1 25
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> 550 Administrative prohibition
> Connection closed by foreign host.

> What did I do wrong?

Check the logfile.

> Secondly, where could I have found information about BADAUTH_LIMIT etc?

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_runtime_configuration_file.html#SECTmacrodefs
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTaclconditions

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
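
Added example, not from either message: the posted settings laid out the way the reply directs, with the macro and the acl_smtp_* options in the main section and only ACL bodies after "begin acl". The Debian file locations named in the comments are assumptions, and the closing "accept" lines are an addition, because an Exim ACL that reaches its end without a verdict denies, which at connect time refuses every client.

```exim
# ---- Main section: everything before "begin acl" ----
# Assumption: on a Debian split configuration this lives in a local file
# under /etc/exim4/conf.d/main/ (the file name is up to the administrator).

# Macro: at most 5 failed-authentication sessions per host in 2 hours.
BADAUTH_LIMIT = 5 / 2h

# Main options naming the ACLs to run at connect, QUIT and abnormal close.
acl_smtp_connect = check_connection
acl_smtp_quit    = check_quit
acl_smtp_notquit = check_notquit

# ---- ACL section: everything after "begin acl" ----
# Assumption: on a Debian split configuration this lives in a local file
# under /etc/exim4/conf.d/acl/ that sorts after 00_exim4-config_header,
# which already contains the "begin acl" line.

check_connection:
  # Look up the host's failure rate without counting this connection.
  drop    message   = Too many failed authentication attempts
          ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address

  # Hosts under the limit must be accepted explicitly; otherwise the ACL
  # falls off the end, the implicit deny applies, and the client sees
  # "550 Administrative prohibition".
  accept

check_quit:
  # Count the session against the host only when an AUTH attempt failed.
  accept  condition = ${if eq{$authentication_failed}{1}}
          ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
  accept

check_notquit:
  # Same accounting for sessions that end without QUIT.
  accept  condition = ${if eq{$authentication_failed}{1}}
          ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
  accept
```

After regenerating the configuration, `exim4 -bV` reports whether it parses, and `exim4 -bh 127.0.0.1` walks a simulated SMTP session through the ACLs and prints each decision.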