Sendmail Modification

Doug Hardie bc979 at lafn.org
Mon Jun 15 19:43:49 UTC 2015


> On 15 June 2015, at 02:10, Matthias Apitz <guru at unixarea.de> wrote:
> 
> On Monday, June 15, 2015 at 01:51:29AM -0700, Doug Hardie wrote:
> 
>> I need to modify sendmail such that when a SMTP-AUTH request fails, sendmail drops the connection.  I am constantly being hit by password guessing attempts.  My first thought was to introduce a 1 or 2 minute delay after an authentication failure.  However, I suspect the attackers would just open a new connection and leave me with bunches of connections waiting to time out.  Hence the need to drop the connection.
>> 
>> Looking through the code it appears there are 2 places in srvrsmtp.c where the SASL return code is not SASL_OK or SASL_CONT.  An "AUTH failure" is logged in both those instances.  I believe that an exit right after the RESET_SASLCONN would do what I need.  Does this appear to be the right place?
>> 
> 
> What would be the benefit from such a reset/exit? The attacker would
> fire up the next connection with the next password guess. Can you
> identify the source IP addr and if so just block it with ipfilter or
> some firewall?

I have been using the equivalent of fail2ban for over 4 years now.  I have blocked all non-US IP addresses and over 4K US IP addresses.  Doesn’t help anymore.  I get thousands of connections daily attempting password guessing.  The benefit is that they have to renegotiate an SSL connection which I suspect will break most of their scripts.  It will at least place more of a burden on their systems.  The SMTP protocol uses almost zero overhead to try multiple passwords.