For the last 2-3 months, my server has been attacked with SMTP brute force, and there were also accounts that were compromised and used to send out spam.
This is one of the mitigation actions we took: restricting SMTP AUTH to only 1 country.
- Go to Exim Configuration Manager – Advanced Editor
- Find “Add additional configuration setting”
- Add a new value by choosing “auth_advertise_hosts” from the drop-down menu
- Fill in the value:
  ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
- Scroll down and save
- Then edit /etc/csf/csf.conf and set SMTPAUTH_RESTRICT to 1
- Then add your country to CC_ALLOW_SMTPAUTH. For my scenario, I put MY since my client is from Malaysia.
- Then restart csf with the -r option
- If you would like to allow a custom IP range for AUTH, for example to allow logins from Google, add the IPs to the file /etc/csf/csf.smtpauth.
It’s done.
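To see what the auth_advertise_hosts expression above decides for a given client, here is a small Python model of it (an added example, not part of the original post and not Exim or CSF code). It assumes /etc/exim.smtpauth holds one IP or CIDR key per line in iplsearch format; the sample file and addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample allow-list in iplsearch format (not real CSF output):
# one IP or CIDR key per line, '#' starts a comment, and IPv6 keys are
# quoted because an unquoted ':' would end the key.
SAMPLE_SMTPAUTH = """\
# constructed sample
127.0.0.1
203.0.113.0/24
198.51.100.17
"2001:db8:100::/48"
"""

def parse_iplsearch(text):
    """Return the networks used as keys in an iplsearch-style file."""
    nets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith('"'):
            key = line[1:].split('"', 1)[0]           # quoted key (IPv6)
        else:
            key = line.replace(":", " ").split()[0]   # key ends at ':' or space
        try:
            nets.append(ipaddress.ip_network(key, strict=False))
        except ValueError:
            continue  # malformed key: skip it, so it allows nothing
    return nets

def auth_advertise_hosts(sender_host_address, nets):
    """Model of ${if match_ip{...}{iplsearch;file}{*}{}}.

    Returns '*' (AUTH advertised to this client) when the address is
    covered by a key in the file, otherwise '' (AUTH not advertised).
    """
    addr = ipaddress.ip_address(sender_host_address)
    hit = any(addr.version == n.version and addr in n for n in nets)
    return "*" if hit else ""

if __name__ == "__main__":
    nets = parse_iplsearch(SAMPLE_SMTPAUTH)
    for ip in ("203.0.113.45", "198.51.100.18", "2001:db8:100::25"):
        shown = auth_advertise_hosts(ip, nets) == "*"
        print(f"{ip:20} AUTH advertised: {shown}")
```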
Thanks to : http://sysadmin.testrock.in/doku.php?id=advanced:csf:exim&s[]=exim&s[]=auth