[Pkg-exim4-users] Protect against brute-force: how to use BADAUTH_LIMIT

[Andreas Metzler]

On 2020-01-07 Brian Wengel <m40636067 at gmail.com> wrote:
> I've read this thread:
> https://lists.exim.org/lurker/message/20120709.015548.eb9d2ba2.en.html

> This is how my "/etc/exim4/conf.d/acl/00_exim4-config_header" looks like:
> ----------------------------------------
> BADAUTH_LIMIT = 5 / 2h

> acl_smtp_connect = check_connection
> acl_smtp_quit = check_quit
> acl_smtp_notquit = check_notquit

> begin acl

> check_connection:
>  drop message = Too many failed authentication attempts
>  ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address

> check_quit:
>  accept condition = ${if eq{$authentication_failed}{1}}
>  ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address

> check_notquit:
>  accept condition = ${if eq{$authentication_failed}{1}}
>  ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address
> ----------------------------------------

... which will generate an invalid exim configuration. acl_smtp_connect
et al have to go into the main configuration setting. Please consult 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_runtime_configuration_file.html

Copying and pasting configuration snippets without properly
understanding them will bite you.

> Now when I make a telnet connection to the server I get this error:

> # telnet 127.0.0.1 25
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> 550 Administrative prohibition
> Connection closed by foreign host.
> What did I do wrong?

Check the logfile.

> Secondly, where could I have found information about BADAUTH_LIMIT etc?

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_runtime_configuration_file.html#SECTmacrodefs

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTaclconditions

cu Andreas


-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'