Bug#880905: exim4-config: Sender verification could be exploited for brute-force scan

2017-11-06 Thread Paul Graham
Hi

Same as I told Exim devs: we finally opted for enabling Exim support in fail2ban. This gives better results for all brute-force attempts as they're soon cut off and don't waste bandwidth.

Thanks for your feedback :)

At 05/11/17 18:59, Marc Haber wrote:
On Sun, Nov 05, 2017 at 04:09:37PM

Bug#880905: exim4-config: Sender verification could be exploited for brute-force scan

2017-11-05 Thread Paul Graham
Hi!

At 05/11/17 18:59, Marc Haber wrote:
On Sun, Nov 05, 2017 at 04:09:37PM +0100, Andreas Metzler wrote:
I do not see the attacker gain, the same information can be extracted by trying out RCPT TO *@omega-software.com with FROM attac...@gmail.com.
Additionally, we are desperately trying to

Bug#880905: exim4-config: Sender verification could be exploited for brute-force scan

2017-11-05 Thread Marc Haber
On Sun, Nov 05, 2017 at 04:09:37PM +0100, Andreas Metzler wrote:
> I do not see the attacker gain, the same information can be extracted by
> trying out RCPT TO *@omega-software.com with FROM attac...@gmail.com.

Additionally, we are desperately trying to stay close to the upstream configuration.

Bug#880905: exim4-config: Sender verification could be exploited for brute-force scan

2017-11-05 Thread Paul Graham
Hi!

At 05/11/17 16:09, Andreas Metzler wrote:
After this change, it's no longer possible for an attacker to use this technique to extract information. All their attempts would result in "relay not permitted" regardless of sender address.
[...]
I do not see the attacker gain, the same

Bug#880905: exim4-config: Sender verification could be exploited for brute-force scan

2017-11-05 Thread Andreas Metzler
On 2017-11-05 Paul Graham wrote:
> Package: exim4-config
> Version: 4.90~RC1-1
> Severity: normal
> Dear Maintainer,
> *** Reporter, please consider answering these questions, where appropriate ***
> * What led up to the situation?
> This recently came up in

Bug#880905: exim4-config: Sender verification could be exploited for brute-force scan

2017-11-05 Thread Paul Graham
Package: exim4-config
Version: 4.90~RC1-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* What led up to the situation?

This recently came up in Exim logs:

2017-11-03 16:22:39 H=(ws2008) [10.20.30.40]