exim got bruce force attack problem , who can help me how to solve this problem?

M

msn512msn

Verified User
Joined
Aug 27, 2011
Messages
15
exim got brute force attack problem , who can help me how to solve this problem?

exim got brute force attack problem , who can help me how to solve this problem?

one of my client email account got bruce force attack with over 1000 attempt wrong
login... now server become very lag , and i was stop the exim in service monitor
but when i start back , the bruce force will continue ....

i got install csf and will auto block ip when few time login fail
but the attack will change ip each time ... so csf become useless

.... now i don now how to solve this problem.. because stop exim will cause other client also want use to send email....

who can know how to solve this ?
 
Last edited:
exim got brute force attack problem , who can help me how to solve this problem?

exim got brute force attack problem , who can help me how to solve this problem?

one of my client email account got bruce force attack with over 1000 attempt wrong
login... now server become very lag , and i was stop the exim in service monitor
but when i start back , the bruce force will continue ....

i got install csf and will auto block ip when few time login fail
but the attack will change ip each time ... so csf become useless

.... now i don now how to solve this problem.. because stop exim will cause other client also want use to send email....

who can know how to solve this ?
 
hi can i know code below is ? how to set to prevent different ip attack?
i alreadly has csf but block ip is useless , because their hack use many different ip to hack .. so block also no use


smtp_accept_max_per_host = 10
smtp_accept_max_per_connection = 20
smtp_accept_queue = 70
smtp_accept_queue_per_connection = 10
smtp_accept_reserve = 21
...
...
...
remote_max_parallel = 10


thanks
 
msn512msn said:
hi can i know code below is ? how to set to prevent different ip attack?
i alreadly has csf but block ip is useless , because their hack use many different ip to hack .. so block also no use
Click to expand...

I don't know what you mean.... but I guess you are asking how to use those lines, that I posted earlier. So you should modify them (you might already have those lines in /etc/exim.conf with another values), or add them into /etc/exim.conf if you have nothing of them or partly. Anywhere it would be better to hire somebody or at least Google for more information on how to tune exim and how to set the config with those directives.

http://www.exim.org/exim-html-current/doc/html/spec_html/ch14.html#SECID105
 
hi actually you understand my question?
now i just now to want how to set to block attacking or can block the select email only
because if off exim will cause other client cannot use email
thans
 
disable domain then...... and use the lines I've given you to decrease the load on your server...
 
I have tons every day, although 99% of attacks just use the usernames and not [email protected] (which, DA/etc is configured to accept by default), unless they know what domains are hosted.

Just my thought. Yes, attacks are a pain, but if I'm right, it's not as bad.
 
You must log in or register to reply here.
Back
Top