Is there something like denyhosts for sasl dictionary attacks?
vendor at billoblog.com
vendor at billoblog.com
Fri Feb 5 17:42:23 UTC 2016
On Thu, 4 Feb 2016, Tom Rivers wrote:
> On 2/4/2016 4:07 PM, vendor at billoblog.com wrote:
>>
>> Is there something like denyhosts for sasl attacks? I'm getting tired
>> of stuff like this:
>>
>>
>> Jan 31 04:52:38 hope saslauthd[1333]: do_auth : auth failure:
>> [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM
>> auth error]
>
>
> I use fail2ban and you can configure custom filters to snag log entries of
> note, create custom jails for banning the offender after X failures for X
> amount of time (or indefinitely), and you can even have it maintain a
> database of the IPs logged so the next time you boot it will ban all the IPs
> again which also has a lifespan setting for its entries (i.e. finite of
> infinite ban time).
>
>
> Tom
>
Thanks! I just installed...
billo
More information about the users
mailing list