Stop SMTP attack with pam_abl

Andrea Venturoli ml at
Mon Jun 3 17:05:25 UTC 2013


I have different sendmail-based servers deployed and all of them are, 
more or less frequently, subject to dictionary attacks.
So I looked for some solution to stop them and stumbled upon pam_abl.

However, it does not seem to do its job; in the logs I have:
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: 
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_purge=4h
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_rule=*:10/1h,30/1d
 > pam_abl[2398]: PAM_RHOST is NULL
 > pam_abl[2398]: In cleanup, err is 00000000

That "PAM_RHOST is NULL" looks like the culprit to me...

I searched a lot for deeper documentation but came up empty.
Any hint?

  bye & Thanks

P.S. I'm not sticking with pam_abl if a better solution exists...

