guru at unixarea.de
Mon Jun 15 11:39:30 UTC 2015
El día Monday, June 15, 2015 a las 01:51:29AM -0700, Doug Hardie escribió:
> I need to modify sendmail such that when a SMTP-AUTH request fails, sendmail drops the connection. I am constantly being hit by password guessing attempts. My first thought was to introduce a 1 or 2 minute delay after an authentication failure. However, I suspect the attackers would just open a new connection and leave me with bunches of connections waiting to time out. Hence the need to drop the connection.
> Looking through the code it appears there are 2 places in srvrsmtp.c where the SASL return code is not SASL_OK or SASL_CONT. An "AUTH failure” is logged in both those instances. I believe that an exit right after the RESET_SASLCONN would do what I need. Does this appear to be the right place?
What would be the benefit from such a reset/exit? The attacker would be
fire up the next connection with the next password guess. Can you
identify the source IP addr and if so just block it with ipfilter or
Matthias Apitz, guru at unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045
"Wenn der Mensch von den Umständen gebildet wird, so muß man die Umstände menschlich bilden."
"Si el hombre es formado por las circunstancias entonces es necesario formar humanamente
las circunstancias", Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)
More information about the freebsd-questions