block IP of Exim DoS
A functionality shall be developed that can sense multiple SMTP connections + drops from the same IP that arrive in the same second (SMTP DoS).
Such behaviour will lead to a socket "connect timed out inside "and{...}" condition" in Exim, which will prevent all users from authenticating to the mailserver.
For an example see below:
2012-12-11 18:45:12 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:36229 lost
2012-12-11 18:45:12 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:36238 lost
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:36307: 435 Unable to authenticate at present (set_id=user): socket connect timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:36316: 435 Unable to authenticate at present (set_id=user): socket connect timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:35962: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:35963: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:35966: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:35967: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:35968: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.somehostname.com (HOST-NAME) [123.23.123.23]:35969: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:35962 lost
2012-12-11 18:45:12 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:35963 lost
2012-12-11 18:45:12 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:36291 lost
2012-12-11 18:45:12 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:36307 lost
2012-12-11 18:45:13 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:36316 lost
2012-12-11 18:45:13 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:35969 lost
2012-12-11 18:45:13 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:35967 lost
2012-12-11 18:45:13 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:35968 lost
2012-12-11 18:45:13 SMTP connection from mail.somehostname.com (HOST-NAME) [123.23.123.23]:35966 lost
2012-12-11 18:45:13 courier_login authenticator failed for xxxx.tun0.hostname.net (xyz) [234.00.234.00]:51857: 435 Unable to authenticate at present (set_id=user+domain.net): socket connect timed out inside "and{...}" condition
2012-12-11 18:45:13 SMTP connection from xxxx.tun0.hostname.net (xyz) [234.00.234.00]:51857 lost
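One way to sense the pattern requested above, as an added example that is not part of the original post or of Exim: count "lost" and "authenticator failed" entries per source IP per log second and report the IPs that reach a threshold. The function name `burst_sources`, the threshold of 5, and the sample log (constructed, documentation-range addresses, one entry per line) are assumptions; acting on the result (firewall rule or ACL) is left to the operator.

```python
import re
from collections import Counter

# Constructed sample (documentation-range IPs), one Exim main-log entry per line.
SAMPLE_LOG = """\
2012-12-11 18:45:12 SMTP connection from mail.example.com (HOST) [192.0.2.10]:36229 lost
2012-12-11 18:45:12 SMTP connection from mail.example.com (HOST) [192.0.2.10]:36238 lost
2012-12-11 18:45:12 courier_login authenticator failed for mail.example.com (HOST) [192.0.2.10]:36307: 435 Unable to authenticate at present (set_id=user): socket connect timed out inside "and{...}" condition
2012-12-11 18:45:12 courier_login authenticator failed for mail.example.com (HOST) [192.0.2.10]:35962: 435 Unable to authenticate at present (set_id=mail): socket read timed out inside "and{...}" condition
2012-12-11 18:45:12 SMTP connection from mail.example.com (HOST) [192.0.2.10]:35962 lost
2012-12-11 18:45:12 SMTP connection from mail.example.com (HOST) [192.0.2.10]:36307 lost
2012-12-11 18:45:13 SMTP connection from mail.example.com (HOST) [192.0.2.10]:36316 lost
2012-12-11 18:45:13 SMTP connection from mail.example.com (HOST) [192.0.2.10]:36400 closed by QUIT
2012-12-11 18:45:13 courier_login authenticator failed for client.example.net (xyz) [198.51.100.7]:51857: 435 Unable to authenticate at present (set_id=user): socket connect timed out inside "and{...}" condition
2012-12-11 18:45:13 SMTP connection from client.example.net (xyz) [198.51.100.7]:51857 lost
"""

# Timestamp, event kind, then the bracketed peer address followed by ":port".
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?:(?P<drop>SMTP connection from)|\S+ authenticator failed for) "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+(?P<tail>.*)$"
)

def burst_sources(lines, threshold=5):
    """Return {ip: peak events in any single second} for IPs at or over threshold."""
    per_second = Counter()
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        # Of the "SMTP connection from" entries, only dropped connections count.
        if m["drop"] and not m["tail"].startswith(" lost"):
            continue
        per_second[(m["ip"], m["ts"])] += 1
    peaks = {}
    for (ip, _ts), count in per_second.items():
        if count >= threshold:
            peaks[ip] = max(count, peaks.get(ip, 0))
    return peaks

if __name__ == "__main__":
    for ip, peak in burst_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} drop/auth-failure events in one second")
```

Entries wrapped across several lines, as in a mail-quoted log, must be rejoined before parsing, since the pattern expects the timestamp and the peer address on the same line.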
Hello, I've modified your response to remove any identifying information. It is good practice to remove any private data when posting on the internet.