Can sasl/sendmail Report IP Of Failed Access?
Warren Block
wblock at wonkity.com
Tue Jun 4 22:54:46 UTC 2013

On Tue, 4 Jun 2013, Tim Daneliuk wrote:
> On 06/04/2013 04:51 PM, Doug Hardie wrote:
>>
>> On 4 June 2013, at 08:47, Tim Daneliuk <tundra at tundraware.com> wrote:
>>
>>> I am seeing login dictionary attacks on a FreeBSD mail server being
>>> reported. Is there a way to determine the IPs that are doing this
>>> so they can be blocked at the firewall? auth.log only
>>> notes the attempted user name, not the IP of origin.
>>> --
>>>
>>
>> I wrote some code to find the appropriate maillog entries which do include
>> the IP addresses. It automagically adds the IP addresses to the pf
>> blackhole table if certain criteria are met. The criteria are changeable.
>> If you would like a copy, let me know.
>>
>
> Yes, I'd love a look at that, thanks.

sshguard is supposed to be capable of analyzing log files beyond just
ssh.
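
The maillog approach described in the thread, as an added example that is not part of the original messages and is not Doug Hardie's code: it counts sendmail `AUTH failure` lines per source address and prints the `pfctl` commands that add repeat offenders to a pf table. The log line shape, the threshold of 3, the allowlisted network and the table name `blackhole` are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape sendmail writes to /var/log/maillog (assumed format).
SAMPLE_MAILLOG = """\
Jun  4 08:47:01 mail sm-mta[4101]: r54Dl1aa004101: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:47:03 mail sm-mta[4102]: r54Dl3ab004102: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:47:05 mail sm-mta[4103]: r54Dl5ac004103: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:50:11 mail sm-mta[4110]: r54DoBad004110: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=pool.example.net [198.51.100.23] (may be forged)
Jun  4 08:52:40 mail sm-mta[4120]: r54Dqeae004120: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[192.0.2.10]
Jun  4 08:52:44 mail sm-mta[4121]: r54Dqiaf004121: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[192.0.2.10]
Jun  4 08:52:49 mail sm-mta[4122]: r54Dqnag004122: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[192.0.2.10]
Jun  4 08:53:02 mail sm-mta[4123]: r54Dr2ah004123: from=<a@example.org>, size=912, nrcpts=1, relay=[203.0.113.7]
"""

# relay= is either "[addr]" or "hostname [addr]"; IPv6 is assumed to carry an "IPv6:" tag.
AUTH_FAIL = re.compile(r"AUTH failure \([^)]*\):.*relay=(?:\S+ )?\[(?:IPv6:)?([^\]]+)\]")

def failed_auth_ips(lines):
    """Count AUTH failures per validated source address."""
    counts = Counter()
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # never pass unparsed log text on to pfctl
    return counts

def offenders(counts, threshold=3, allow=("192.0.2.0/24",)):
    """Addresses at or over the threshold, minus allowlisted networks (hypothetical values)."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(str(ip) for ip, n in counts.items()
                  if n >= threshold and not any(ip in net for net in nets))

def pfctl_commands(ips, table="blackhole"):
    """Render one pfctl table-add command per address; the table name is an assumption."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    counts = failed_auth_ips(SAMPLE_MAILLOG.splitlines())
    for cmd in pfctl_commands(offenders(counts)):
        print(cmd)
```

The allowlist keeps a misconfigured client on your own network from being blocked along with the dictionary attackers.
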

More information about the freebsd-questions mailing list