Can sasl/sendmail Report IP Of Failed Access?
feld at feld.me
Tue Jun 4 19:13:39 UTC 2013
On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk <tundra at tundraware.com>
> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.
I don't use sendmail, but aren't the login attempts at least logged in
maillog as well? If so, you could use fail2ban to ban them. We do this
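An added example, not part of the original thread: a small sh/awk pass over maillog that counts SMTP AUTH failures per relay IP, the same information a fail2ban filter would key on. The log line layout, the sample lines, the `THRESHOLD` value and the function names are assumptions constructed for illustration; adjust the patterns to what your sendmail actually logs.

```shell
#!/bin/sh
# Added example: report relay IPs with repeated SMTP AUTH failures.
# The "AUTH failure ... relay=[ip]" layout is an assumed format; check it
# against real lines in /var/log/maillog before relying on the patterns.

THRESHOLD=3   # hypothetical cutoff: failures per IP before it is reported

# Constructed sample lines (documentation address ranges, not real traffic).
sample_maillog() {
cat <<'EOF'
Jun  4 10:40:01 mx sm-mta[4101]: r54Fe1aa004101: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 10:40:03 mx sm-mta[4102]: r54Fe3aa004102: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 10:40:05 mx sm-mta[4103]: r54Fe5aa004103: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 10:41:10 mx sm-mta[4110]: r54FfAaa004110: from=<user@example.org>, size=812, nrcpts=1, proto=ESMTP, relay=[192.0.2.10]
Jun  4 10:42:00 mx sm-mta[4120]: r54Fg0aa004120: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=host.example.net [192.0.2.44]
Jun  4 10:42:02 mx sm-mta[4121]: r54Fg2aa004121: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=host.example.net [192.0.2.44]
Jun  4 10:42:04 mx sm-mta[4122]: r54Fg4aa004122: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=host.example.net [192.0.2.44]
Jun  4 10:42:06 mx sm-mta[4123]: r54Fg6aa004123: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=host.example.net [192.0.2.44]
Jun  4 10:50:00 mx sm-mta[4130]: r54Fo0aa004130: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.9]
EOF
}

# Usage: failed_auth_ips MIN < /var/log/maillog
# Prints "count ip" for every IP with at least MIN failures, highest first.
failed_auth_ips() {
    awk -v min="$1" '
        /AUTH failure/ {
            # Handles both "relay=[ip]" and "relay=hostname [ip]".
            if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
                ip = substr($0, RSTART, RLENGTH)
                sub(/^.*\[/, "", ip)   # drop everything up to the bracket
                sub(/\]$/, "", ip)     # drop the closing bracket
                fails[ip]++
            }
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -k1,1nr -k2,2
}

sample_maillog | failed_auth_ips "$THRESHOLD"
```

Lines that carry a relay address but are not AUTH failures, such as ordinary deliveries, are ignored, so a busy legitimate sender is not counted.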