Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim Dictionary Attack ACL for cPanel

Discussion in 'General Discussion' started by sh4ka, Oct 13, 2005.

  1. myusername

    myusername Well-Known Member PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    693
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Chirpy, to clarify:

    Does that mean 4 non-authenticated sends to local, non-existent email addresses, or just 4 non-authenticated sends in a row?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    The latter. They do have to be part of the same SMTP connection, so typically, it will be users who have 4 or more outgoing emails in their outbox and they then connect and send without POPing. In such cases I'd recommend a client uses SMTP AUTH.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. myusername

    myusername Well-Known Member PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    693
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Thank you for the clarification Chirpy.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. MediaServe

    MediaServe Well-Known Member PartnerNOC

    Joined:
    Apr 9, 2004
    Messages:
    138
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Nashville, TN USA
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Another issue I'm experiencing with the latest version of this script is that it isn't cleaning out /etc/exim_deny. I'm not a perl coder, so I don't know what in the code may be wrong, but nothing added to /etc/exim_deny is ever being removed.

    /etc/exim_deny.pl is scheduled as an hourly cron (via symlink in /etc/cron.hourly, and I've run it at the command line as well. No errors, but no removal of IPs either.

    Any ideas Chirpy?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    If you run the perl script twice it should empty out the file. If it doesn't, make sure that your /tmp partition isn't full and is chmod 1777.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. MediaServe

    MediaServe Well-Known Member PartnerNOC

    Joined:
    Apr 9, 2004
    Messages:
    138
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Nashville, TN USA
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Running it twice did empty the file, but shouldn't running it once trim out entries older than an hour? Are you suggesting that it should be scheduled to run twice every hour instead of once, as a workaround, and will completely empty the file?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    No, it should indeed trim it and I've not seen a problem with it not doing so unless there were issues with the ownership of the /tmp/exim_lock.txt file or the permissions on /tmp.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice