[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fail2ban-users
Subject:    [Fail2ban-users] Fwd: Re:  extra postfix bans
From:       Mike <t3 () rohms ! com>
Date:       2020-03-25 16:03:14
Message-ID: 202003261559.02QFxr9k039182 () mail ! icorp ! net
[Download RAW message or body]


>
>I'm using sendmail-reject, which gets lots of hits after I 
>disallowed authentication on port 25. I'm assuming it's bots looking 
>for a way to guess logins. Perhaps you can adapt those rules for Postfix.

I've been using login-shield 
(https://github.com/dpsystems/login-shield) to stop a lot of that, 
but it doesn't by default block port 25/smtp traffic - I don't want 
to cause filters to reject mail just logins.

Although in this case, there doesn't appear to be an attempt to 
login?  So just checking for vulnerabilities or something?

If anybody can help draft a rule to catch this stuff too, let me 
know.  Or does anybody think it could interfere with legitimate 
traffic?  Not sure what's going on with the connections and drops.




_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[prev in list] [next in list] [prev in thread] [next in thread]