Hi
Same as I told Exim devs: we finally opted for enabling Exim support in
fail2ban. This gives better result for all brute-force attempts as they're soon
cut off and don't waste bandwidth.
Thanks for your feedback :)
At 05/11/17 18:59, Marc Haber wrote:
On Sun, Nov 05, 2017 at 04:09:37PM +0100, Andreas Metzler wrote:
I do not see the attacker gain, the same information can be extracted by
trying out RCPT TO *@omega-software.com with FROM attac...@gmail.com.
Additionally, we are desperately trying to stay close to the upstream
configuration. If this is really an issue, then all non-Debian exim
installations are vulnerable as well.
What I am trying to say is, this issue should be reported and
discussed with upstream _before_ we make this change. Paul, can you do
that to make your point there?
Greetings
Marc
--
Paul Graham
Development Dept.
http://Omega-Software.com/
Omega Software
