bbartlomiej.mail at gmail.com
Mon Jun 15 12:39:24 UTC 2015
It's better to configure fail2ban or something similar.
On 15 June 2015 at 11:10, Matthias Apitz <guru at unixarea.de> wrote:
> El día Monday, June 15, 2015 a las 01:51:29AM -0700, Doug Hardie escribió:
>> I need to modify sendmail such that when a SMTP-AUTH request fails, sendmail drops the connection. I am constantly being hit by password guessing attempts. My first thought was to introduce a 1 or 2 minute delay after an authentication failure. However, I suspect the attackers would just open a new connection and leave me with bunches of connections waiting to time out. Hence the need to drop the connection.
>> Looking through the code it appears there are 2 places in srvrsmtp.c where the SASL return code is not SASL_OK or SASL_CONT. An "AUTH failure” is logged in both those instances. I believe that an exit right after the RESET_SASLCONN would do what I need. Does this appear to be the right place?
> What would be the benefit from such a reset/exit? The attacker would be
> fire up the next connection with the next password guess. Can you
> identify the source IP addr and if so just block it with ipfilter or
> some firewall.
> Matthias Apitz, guru at unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045
> "Wenn der Mensch von den Umständen gebildet wird, so muß man die Umstände menschlich bilden."
> "Si el hombre es formado por las circunstancias entonces es necesario formar humanamente
> las circunstancias", Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions