From: Kevin Z. <kev...@gm...> - 2016-05-21 13:24:47

On 05/20/2016 19:40, li...@la... wrote:
> I set up a simple script using swaks to hit my email server with 100
> messages to relay. Since I don't have an open relay, these actions get
> flagged by postfix. Eventually the connection got dropped by postfix
> anvil, the rate limiter. Best I can tell postfix locks me out for 600
> seconds.
> http://www.postfix.org/anvil.8.html

It sounds like anvil(8) does the right thing.

> In any event, sshguard didn't block me. I grepped all the auth.logs for
> the offending IP. (I would have done more email testing but the Peet's
> wifi is on a dynamic blocking list!)

SSHGuard doesn't know about RCPT TO rejects (yet). We could teach it to.

Ultimately, it looks like anvil does what you want, so perhaps just add a
rule to block the offender using the firewall when anvil starts to
rate-limit? This might potentially be a better option since we won't need
attack signatures for every error message that can be generated by a
spammer.

Thoughts?

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
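
The idea in the message above, blocking on anvil's own rate-limit warning instead of per-error attack signatures, sketched as an added example that is not part of the original message or of SSHGuard. The warning wording, the `offenders` helper and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed wording of the warning Postfix smtpd logs when an anvil(8) limit trips:
#   warning: Connection rate limit exceeded: 51 from unknown[203.0.113.7] for service smtp
LIMIT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: [A-Za-z ]+ limit exceeded: \d+ "
    r"from \S*\[(?P<addr>[^\]\s]+)\] for service \S+"
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = """\
May 20 19:38:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.net>: Relay access denied
May 20 19:38:02 mail postfix/smtpd[2101]: warning: Connection rate limit exceeded: 51 from unknown[203.0.113.7] for service smtp
May 20 19:38:03 mail postfix/smtpd[2102]: warning: Recipient address rate limit exceeded: 101 from unknown[203.0.113.7] for service smtp
May 20 19:38:04 mail postfix/smtpd[2103]: warning: Connection rate limit exceeded: 51 from relay.example.com[198.51.100.20] for service smtp
May 20 19:38:05 mail postfix/smtpd[2104]: warning: Connection concurrency limit exceeded: 51 from localhost[127.0.0.1] for service smtp
May 20 19:38:06 mail postfix/smtpd[2104]: warning: Connection concurrency limit exceeded: 52 from localhost[127.0.0.1] for service smtp
"""


def offenders(lines, threshold=2, allow=()):
    """Addresses with at least `threshold` anvil warnings, minus allowlisted nets."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = LIMIT_RE.search(line)
        if not m:
            continue  # plain rejects (e.g. RCPT TO) are ignored; only anvil warnings count
        try:
            # Use only the bracketed address; the client name comes from
            # reverse DNS, which the sender controls.
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue
        if not any(addr in net for net in allowed):
            hits[addr] += 1
    return sorted(str(a) for a, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    # Print candidates; feeding them to a firewall table is left to the operator.
    for ip in offenders(SAMPLE.splitlines(), allow=["127.0.0.0/8"]):
        print(ip)
```

The threshold and allowlist keep a single burst from a legitimate relay, or local test traffic, from ending up in the block list.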