浏览了整个互联网,但找不到答案。是否有任何 acl 或其他东西可以应用于失败的登录尝试以增加延迟?可能与任何运行 mx 的人一样,我有很多机器人登录试图猜测用户密码。为了使字典攻击至少更困难一些,我想在每次失败的登录尝试的答案后添加一些(增量更好)延迟。但无法找到如何使用标准 debian exim 安装来做到这一点。请分享一个并附上简要说明。
答案1
我遇到了同样的问题,这个链接确实帮助了我: https://lists.exim.org/lurker/message/20120201.122116.eec741e8.en.html
以下是具体操作方法:
acl_smtp_auth = acl_check_auth
acl_smtp_quit = acl_check_quit
acl_smtp_notquit = acl_check_notquit
acl_smtp_mail = acl_check_mail
acl_smtp_connect = acl_check_connect
begin acl
acl_check_auth:
drop message = authentication is allowed only once per message in order \
to slow down bruteforce cracking
set acl_m_auth = ${eval10:0$acl_m_auth+1}
condition = ${if >{$acl_m_auth}{2}}
delay = 22s
drop message = blacklisted for bruteforce cracking attempt
set acl_c_authnomail = ${eval10:0$acl_c_authnomail+1}
condition = ${if >{$acl_c_authnomail}{4}}
continue = ${run{SHELL -c "echo $sender_host_address \
>>$spool_directory/blocked_IPs; \
\N{\N echo Subject: $sender_host_address blocked; echo; echo \
for bruteforce auth cracking attempt.; \
\N}\N | EXIMBINARY WARNTO"}}
accept
acl_check_quit:
warn condition = ${if def:authentication_failed}
condition = $authentication_failed
logwrite = :reject: quit after authentication failed: \
${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
ratelimit = 7 / 5m / strict / per_conn
continue = ${run{SHELL -c "echo $sender_host_address \
>>$spool_directory/blocked_IPs; \
\N{\N echo Subject: $sender_host_address blocked; echo; echo \
for bruteforce auth cracking attempt.; \
\N}\N | EXIMBINARY WARNTO"}}
acl_check_notquit:
warn condition = ${if def:authentication_failed}
condition = $authentication_failed
logwrite = :reject: $smtp_notquit_reason after authentication failed: \
${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
condition = ${if eq{$smtp_notquit_reason}{connection-lost}}
ratelimit = 7 / 5m / strict / per_conn
continue = ${run{SHELL -c "echo $sender_host_address \
>>$spool_directory/blocked_IPs; \
\N{\N echo Subject: $sender_host_address blocked; echo; echo \
for bruteforce auth cracking attempt.; \
\N}\N | EXIMBINARY WARNTO"}}
acl_check_mail:
accept set acl_c_authnomail = 0
acl_check_connect:
drop message = $sender_host_address locally blacklisted for a bruteforce \
auth (login+password) cracking attempt
condition = ${if exists{$spool_directory/blocked_IPs}}
condition = ${lookup{$sender_host_address}lsearch\
{$spool_directory/blocked_IPs}{1}{0}}
accept