Debian

Debian 10.4 / Exim 4.92: add an incremental delay to the response to unsuccessful login attempts

  • June 28, 2020

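I have searched the whole Internet but could not find an answer. Is there any ACL, or anything else I can apply, to add a delay to unsuccessful login attempts? Like probably anyone running an MX, I get a lot of bot logins trying to guess user passwords. To make dictionary attacks at least more difficult, I would like to add some delay (incremental would be better) after the response to each unsuccessful login attempt. But I cannot find how to do this with a standard Debian Exim installation. Please share one and briefly explain it.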

I had the same problem, and this link really helped me: https://lists.exim.org/lurker/message/20120201.122116.eec741e8.en.html

Here is how it is done:

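# SHELL, EXIMBINARY and WARNTO used below are macros that this snippet does
# not define; define them in the main section before these ACLs are used.
acl_smtp_auth = acl_check_auth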
acl_smtp_quit = acl_check_quit
acl_smtp_notquit = acl_check_notquit
acl_smtp_mail = acl_check_mail
acl_smtp_connect = acl_check_connect

begin acl

acl_check_auth:
 drop  message = authentication is allowed only once per message in order \
                 to slow down bruteforce cracking
       set acl_m_auth = ${eval10:0$acl_m_auth+1}
       condition = ${if >{$acl_m_auth}{2}}
       delay = 22s

 drop  message = blacklisted for bruteforce cracking attempt
       set acl_c_authnomail = ${eval10:0$acl_c_authnomail+1}
       condition = ${if >{$acl_c_authnomail}{4}}
       continue = ${run{SHELL -c "echo $sender_host_address \
          >>$spool_directory/blocked_IPs; \
          \N{\N echo Subject: $sender_host_address blocked; echo; echo \
          for bruteforce auth cracking attempt.; \
          \N}\N | EXIMBINARY WARNTO"}}

 accept

acl_check_quit:
 warn  condition = ${if def:authentication_failed}
       condition = $authentication_failed
       logwrite = :reject: quit after authentication failed: \
                           ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
       ratelimit = 7 / 5m / strict / per_conn
       continue = ${run{SHELL -c "echo $sender_host_address \
          >>$spool_directory/blocked_IPs; \
          \N{\N echo Subject: $sender_host_address blocked; echo; echo \
          for bruteforce auth cracking attempt.; \
          \N}\N | EXIMBINARY WARNTO"}}

acl_check_notquit:
 warn  condition = ${if def:authentication_failed}
       condition = $authentication_failed
       logwrite = :reject: $smtp_notquit_reason after authentication failed: \
                           ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
       condition = ${if eq{$smtp_notquit_reason}{connection-lost}}
       ratelimit = 7 / 5m / strict / per_conn
       continue = ${run{SHELL -c "echo $sender_host_address \
          >>$spool_directory/blocked_IPs; \
          \N{\N echo Subject: $sender_host_address blocked; echo; echo \
          for bruteforce auth cracking attempt.; \
          \N}\N | EXIMBINARY WARNTO"}}

acl_check_mail:
 accept set acl_c_authnomail = 0

acl_check_connect:
 drop  message = $sender_host_address locally blacklisted for a bruteforce \
                 auth (login+password) cracking attempt
       condition = ${if exists{$spool_directory/blocked_IPs}}
       condition = ${lookup{$sender_host_address}lsearch\
                   {$spool_directory/blocked_IPs}{1}{0}}

 accept 

Quoted from: https://serverfault.com/questions/1018022
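
Added example (not part of the original answer or of the Exim project): a simplified Python model of how `lsearch` reads keys from `blocked_IPs`, based on the Exim specification's rule that an unquoted key ends at the first colon or white space. It shows that an IPv6 address appended unquoted by the `echo` commands above is never matched by `acl_check_connect`, and `normalize()` rewrites the entries so that it is; the sample lines and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of $spool_directory/blocked_IPs as the echo commands would write it.
SAMPLE = ["192.0.2.10\n", "2001:db8::25\n", "192.0.2.10\n", "not-an-ip\n"]

def lsearch_key(line):
    """Key that lsearch reads from one line (simplified: no backslash escapes)."""
    if not line.strip() or line[0] in "# \t":
        return None                      # blank, comment or continuation line
    if line[0] == '"':                   # quoted key ends at the closing quote
        end = line.find('"', 1)
        return line[1:end] if end != -1 else line[1:].rstrip()
    for i, ch in enumerate(line):        # unquoted key ends at ':' or white space
        if ch == ":" or ch.isspace():
            return line[:i]
    return line

def is_blocked(address, lines):
    """Would the lookup in acl_check_connect find this address? (case-insensitive)"""
    wanted = address.lower()
    keys = (lsearch_key(l) for l in lines)
    return any(k is not None and k.lower() == wanted for k in keys)

def normalize(lines):
    """Drop non-IP lines and duplicates; quote IPv6 entries so their colons survive."""
    seen, out = set(), []
    for raw in lines:
        text = raw.strip().strip('"')
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue                     # not a bare IP address
        if ip in seen:
            continue
        seen.add(ip)
        # Keep the text exactly as Exim wrote it, so it equals $sender_host_address.
        out.append(f'"{text}"' if ip.version == 6 else text)
    return out

if __name__ == "__main__":
    print(is_blocked("2001:db8::25", SAMPLE))             # unquoted IPv6 entry
    print(is_blocked("2001:db8::25", normalize(SAMPLE)))  # after quoting
```

On a dual-stack MX this means the blacklist as written only takes effect for IPv4 clients unless the IPv6 entries in the file are quoted.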