Hi

Same as I told Exim devs: we finally opted for enabling Exim support in 
fail2ban. This gives better result for all brute-force attempts as they're soon 
cut off and don't waste bandwidth.

Thanks for your feedback :)


At 05/11/17 18:59, Marc Haber wrote:
On Sun, Nov 05, 2017 at 04:09:37PM +0100, Andreas Metzler wrote:
I do not see the attacker gain, the same information can be extracted by
trying out RCPT TO *@omega-software.com with FROM attac...@gmail.com.
Additionally, we are desperately trying to stay close to the upstream
configuration. If this is really an issue, then all non-Debian exim
installations are vulnerable as well.

What I am trying to say is, this issue should be reported and
discussed with upstream _before_ we make this change. Paul, can you do
that to make your point there?

Greetings
Marc


--
Paul Graham
Development Dept.
http://Omega-Software.com/

Omega Software

Reply via email to