Stop SMTP attack with pam_abl

Andrea Venturoli ml at netfence.it
Mon Jun 3 17:05:25 UTC 2013


Hello.

I have different sendmail-based servers deployed and all of them are,
more or less frequently, subject to dictionary attacks.
So I looked for some solution to stop them and stumbled upon pam_abl.

However, it does not seem to do its job; in the logs I have:
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_db=/var/db/pam_abl/hosts.db
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_purge=4h
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_rule=*:10/1h,30/1d
 > pam_abl[2398]: PAM_RHOST is NULL
 > pam_abl[2398]: In cleanup, err is 00000000

That "PAM_RHOST is NULL" looks like the culprit to me...

I searched a lot for deeper documentation but came up empty.
Any hint?

  bye & Thanks
	av.

P.S. I'm not sticking with pam_abl if a better solution exists...

