Stop SMTP attack with pam_abl
ml at netfence.it
Mon Jun 3 17:05:25 UTC 2013
I have different sendmail based servers deployed and all of them are,
more or less frequently, subject to dictionary attacks.
So I looked for some solution to stop them and stumbled upon pam_abl.
However it does not seem to do its job; in the logs I have:
> pam_abl: /usr/local/etc/pam_abl.conf:
> pam_abl: /usr/local/etc/pam_abl.conf: host_purge=4h
> pam_abl: /usr/local/etc/pam_abl.conf: host_rule=*:10/1h,30/1d
> pam_abl: PAM_RHOST is NULL
> pam_abl: In cleanup, err is 00000000
That "PAM_RHOST is NULL" looks like the culprit to me...
I searched a lot for deeper documentation but came up empty.
bye & Thanks
P.S. I'm not sticking with pam_abl if a better solution exists...
More information about the freebsd-questions