Multiple rapid Exim authentication failures.
This rule detects when exim reports a number of incorrect authentication failures for the same IP over a long period of time. The threshold is 8 failures in 1 hour.
This detects slow brute force attacks.
There are no known false positive for this rule.
Knowledge Base Articles