Menu
▾
▴
Re: [Sshguard-users] Lockout for postfix abuse
|
From: <li...@la...> - 2015-11-14 05:02:24
|
Doing some internet searches, I see a patch was accepted to catch failed SASL authentications, which in turn would catch postfix. http://sourceforge.net/p/sshguard/patches/8/ Does "accepted" confirm implementation? If not, is the patch compatible with the current rev of sshguard. I'm using IPFW on Freebsd 10.2. I can use ports, so I assume I can figure out how to apply the patch. Original Message From: li...@la... Sent: Thursday, November 12, 2015 7:02 PM To: ssh...@li... Reply To: ssh...@li... Subject: [Sshguard-users] Lockout for postfix abuse I see sshguard reads exim and Dovecot logs, but not postfix, based on the attack signature reference page. Is there something I can do to stop hackers such as the one listed below: Nov 13 01:10:53 theranch postfix/smtpd[16895]: connect from unknown[203.71.152.23] Nov 13 01:10:53 theranch postfix/smtpd[16895]: lost connection after EHLO from unknown[203.71.152.23] Nov 13 01:10:53 theranch postfix/smtpd[16895]: disconnect from unknown[203.71.152.23] Nov 13 01:14:13 theranch postfix/anvil[16897]: statistics: max connection rate 1/60s for (smtp:203.71.152.23) at Nov 1 3 01:10:53 Nov 13 01:14:13 theranch postfix/anvil[16897]: statistics: max connection count 1 for (smtp:203.71.152.23) at Nov 13 0 1:10:53 ------------------------------------------------------------------------------ _______________________________________________ Sshguard-users mailing list Ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
