Can sasl/sendmail Report IP Of Failed Access?
Chris Hill
chris at monochrome.org
Tue Jun 4 22:18:21 UTC 2013
On Tue, 4 Jun 2013, Doug Hardie wrote:
> On 4 June 2013, at 08:47, Tim Daneliuk <tundra at tundraware.com> wrote:
>
>> I am seeing login dictionary attacks on a FreeBSD mail server being
>> reported. Is there a way to determine the IPs that are doing this
>> so they can be blocked at the firewall? auth.log only
>> notes the attempted user name, not the IP of origin.
>> --
>>
>
> I wrote some code to find the appropriate maillog entries which do
> include the IP addresses. It automagically adds the IP addresses to
> the pf blackhole table if certain criteria is met. The criteria is
> changeable. If you would like a copy, let me know.
That sounds incredibly useful. Can you post it somewhere?
--
Chris Hill chris at monochrome.org
** [ Busy Expunging </> ]
More information about the freebsd-questions
mailing list