Re: [Sshguard-users] Support for Postfix ?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 02/02/2016 06:11, Christophe Meessen wrote:
> I currently have some people trying to authenticate throuqh the port 25. 
> I suppose they try out default passwords.
> I get up to 100 attempts in a few tens of seconds and they retry every 
> hour. Fai2ban fails to detect and block them.
> There are also the ports 465 (SMTPS) and 587 with SASL authentication 
> which may fail. I currently don't have any failed connection attempts on 
> these ports, but this is just a matter of time.
> 
> I'm ready to switch from fail2ban to sshguard, but your web site doesn't 
> report a support of Postfix. This is a bit surprizing since many people 
> use Postfix. So my question is if sshguard supports Postfix protection.

At the moment, tentatively. SSHGuard only recognizes this SASL
authentication failure as an attack:

warning: unknown[1.2.3.4]: SASL LOGIN authentication failed:

If this is the one you're seeing SSHGuard should work fine. Just make
sure to feed it the appropriate log files.

Best,
Kevin

-- 
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

Re: [Sshguard-users] Support for Postfix ?

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] Support for Postfix ?