Request to add SMTP Auth Restircion to IP's to spamblocker/DA exim.conf

DA-Rff

Verified User
Joined
Dec 4, 2006
Messages
119
EDIT: this can be added to /etc/exim.variables.conf.custom per instructions on https://help.directadmin.com/item.php?id=576

I would like to have the following added to the standard spamblocker exim.conf:

Code:
#EDIT exim.smtpauth
#place exim.smtp.auth file in /etc/ with allowed IP's to login for SMTP
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}

I have tested it now for a couple of days and it has effectively stopped all bruteforce exim logins on my server

Some background info:
I saw Bruteforce attempts on my exim all day. This server is only used by me for my own sites, SMTP outgoing is outsourced to sendgrid.com

The mentioned code was found on (http://sysadmintips.in/advanced/csf/exim) - following are instructions to make it work without CSF:
- add a file called exim.smtpauth in /etc/
- in exim.smtpauth place 127.0.0.1 plus xxx.xxx.xxx.xxx's (all IP's you allow to do smtp logins PLUS IP's in use on your webserver)
- add the following line to the beginning of exim.conf

Code:
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}

restart exim

so far it has effectively stopped all brute force exim smtp logins on my server
 
Last edited:
It may be useful for you or for users who use server for personal purpose, but on hosting companies, this is not applicable at all cause you will need to know every dynamic IP of every customer everytime, impossible :)

Instead of this, a firewall (like csf+lfd+bfm) would simply permanently ban the IP using iptables after a bruteforce get noticed, this will decrease the number of inocming brute force attack and will permit you and your customer to not have problem with it.

Maybe can be applicable as an optional thing, or maybe create it with allow all inside, so everyone can decide to use it and restrict access or not.

Regards
 
Since the latest upgrade in my exim.conf file, the code below no longer works, does anybody know why it no longer works and how to get it to work again?

#EDIT exim.smtpauth
#place exim.smtp.auth file in /etc/ with allowed IP's to login for SMTP
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}

Thanks

OK it needs to be added to custom file, see first post
 
Last edited:
Back
Top