Is there something like denyhosts for sasl attacks? I'm getting tired of stuff like this:
Jan 31 04:52:38 hope saslauthd[1333]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 04:57:35 hope saslauthd[1335]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 05:22:05 hope saslauthd[1334]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 06:40:05 hope saslauthd[1337]: do_auth : auth failure: [user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 06:40:07 hope saslauthd[1336]: do_auth : auth failure: [user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 06:40:09 hope saslauthd[1333]: do_auth : auth failure: [user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
etc.
On 2/4/2016 4:07 PM, vendor@billoblog.com wrote:
> Is there something like denyhosts for sasl attacks? I'm getting tired of stuff like this:
> Jan 31 04:52:38 hope saslauthd[1333]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
I use fail2ban and you can configure custom filters to snag log entries of note, create custom jails for banning the offender after X failures for X amount of time (or indefinitely), and you can even have it maintain a database of the IPs logged so the next time you boot it will ban all the IPs again, which also has a lifespan setting for its entries (i.e. finite or infinite ban time).
Tom
On Thu, 4 Feb 2016, Tom Rivers wrote:
> On 2/4/2016 4:07 PM, vendor@billoblog.com wrote:
>> Is there something like denyhosts for sasl attacks? I'm getting tired of stuff like this:
>> Jan 31 04:52:38 hope saslauthd[1333]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
> I use fail2ban and you can configure custom filters to snag log entries of note, create custom jails for banning the offender after X failures for X amount of time (or indefinitely), and you can even have it maintain a database of the IPs logged so the next time you boot it will ban all the IPs again, which also has a lifespan setting for its entries (i.e. finite or infinite ban time).
> Tom
Thanks! I just installed...
billo
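
The "X failures within X amount of time" threshold from Tom's reply, applied to the saslauthd lines from the original post, as an added example that is not from the thread and is not fail2ban code. The function name, the `maxretry`/`findtime` parameters (named after fail2ban's jail options) and the year (syslog timestamps omit it) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The six saslauthd lines quoted in the original post.
SAMPLE = """\
Jan 31 04:52:38 hope saslauthd[1333]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 04:57:35 hope saslauthd[1335]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 05:22:05 hope saslauthd[1334]: do_auth : auth failure: [user=abby] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 06:40:05 hope saslauthd[1337]: do_auth : auth failure: [user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 06:40:07 hope saslauthd[1336]: do_auth : auth failure: [user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
Jan 31 06:40:09 hope saslauthd[1333]: do_auth : auth failure: [user=info] [service=smtp] [realm=billoblog.com] [mech=pam] [reason=PAM auth error]
"""

# Real saslauthd output pads "do_auth" with spaces, hence \s* before the colon.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ saslauthd\[\d+\]: do_auth\s*: auth failure: "
    r"\[user=(?P<user>[^\]]*)\] \[service=(?P<service>[^\]]*)\] \[realm=(?P<realm>[^\]]*)\]"
)

def find_bursts(lines, maxretry=3, findtime=600, year=2016):
    """Return (user@realm, service, ISO time) for each failure that is the
    maxretry-th within findtime seconds for that account and service."""
    recent = defaultdict(deque)   # (account, service) -> failure times in the window
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not a saslauthd auth failure line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (f"{m['user']}@{m['realm']}", m["service"])
        window = recent[key]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            alerts.append((key[0], key[1], ts.isoformat()))
            window.clear()        # start counting afresh after an alert
    return alerts

if __name__ == "__main__":
    for account, service, when in find_bursts(SAMPLE.splitlines()):
        print(f"{when} {service}: repeated auth failures for {account}")
```

These lines carry no client address, so the example groups by account rather than by IP; with the default ten-minute window only the three rapid `info` failures trip the threshold, while the slower `abby` attempts need a longer `findtime`.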