Can sasl/sendmail Report IP Of Failed Access?
Waitman Gobble
gobble.wa at gmail.com
Tue Jun 4 18:56:47 UTC 2013
On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <tundra at tundraware.com> wrote:
>
> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.
> --
> -----------------------------------------------------------------------
> Tim Daneliuk
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
freebsd-questions-unsubscribe at freebsd.org"
On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <tundra at tundraware.com> wrote:
>
> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.
> --
> -----------------------------------------------------------------------
> Tim Daneliuk
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
freebsd-questions-unsubscribe at freebsd.org"
one idea is to run auth on a different service / machine on a non-standard
port, that at least cuts down the noise from "non-targetted" scans.
Waitman Gobble
San Jose California USA
More information about the freebsd-questions
mailing list