Sendmail Modification

Mon Jun 15 08:59:28 UTC 2015

I need to modify sendmail such that when a SMTP-AUTH request fails, sendmail drops the connection.  I am constantly being hit by password guessing attempts.  My first thought was to introduce a 1 or 2 minute delay after an authentication failure.  However, I suspect the attackers would just open a new connection and leave me with bunches of connections waiting to time out.  Hence the need to drop the connection.

Looking through the code it appears there are 2 places in srvrsmtp.c where the SASL return code is not SASL_OK or SASL_CONT.  An "AUTH failure” is logged in both those instances.  I believe that an exit right after the RESET_SASLCONN would do what I need.  Does this appear to be the right place?