Is there something like denyhosts for sasl dictionary attacks?
vendor at billoblog.com
vendor at billoblog.com
Thu Feb 4 21:07:25 UTC 2016
Is there something like denyhosts for sasl attacks? I'm getting tired
of stuff like this:
Jan 31 04:52:38 hope saslauthd[1333]: do_auth : auth failure:
[user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
auth error]
Jan 31 04:57:35 hope saslauthd[1335]: do_auth : auth failure:
[user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
auth error]
Jan 31 05:22:05 hope saslauthd[1334]: do_auth : auth failure:
[user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
auth error]
Jan 31 06:40:05 hope saslauthd[1337]: do_auth : auth failure:
[user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
auth error]
Jan 31 06:40:07 hope saslauthd[1336]: do_auth : auth failure:
[user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
auth error]
Jan 31 06:40:09 hope saslauthd[1333]: do_auth : auth failure:
[user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
auth error]
etc.
More information about the users
mailing list