sshguard-users

[Sshguard-users] Support for Postfix ?

[Christophe M. <chr...@me...>]

Hello,

I currently have some people trying to authenticate throuqh the port 25. 
I suppose they try out default passwords.
I get up to 100 attempts in a few tens of seconds and they retry every 
hour. Fai2ban fails to detect and block them.
There are also the ports 465 (SMTPS) and 587 with SASL authentication 
which may fail. I currently don't have any failed connection attempts on 
these ports, but this is just a matter of time.

I'm ready to switch from fail2ban to sshguard, but your web site doesn't 
report a support of Postfix. This is a bit surprizing since many people 
use Postfix. So my question is if sshguard supports Postfix protection.

-- 
Bien cordialement,

Ch.Meessen

Re: [Sshguard-users] Support for Postfix ?

[Kevin Z. <kev...@gm...>]

On 02/02/2016 06:11, Christophe Meessen wrote:
> I currently have some people trying to authenticate throuqh the port 25. 
> I suppose they try out default passwords.
> I get up to 100 attempts in a few tens of seconds and they retry every 
> hour. Fai2ban fails to detect and block them.
> There are also the ports 465 (SMTPS) and 587 with SASL authentication 
> which may fail. I currently don't have any failed connection attempts on 
> these ports, but this is just a matter of time.
> 
> I'm ready to switch from fail2ban to sshguard, but your web site doesn't 
> report a support of Postfix. This is a bit surprizing since many people 
> use Postfix. So my question is if sshguard supports Postfix protection.

At the moment, tentatively. SSHGuard only recognizes this SASL
authentication failure as an attack:

warning: unknown[1.2.3.4]: SASL LOGIN authentication failed:

If this is the one you're seeing SSHGuard should work fine. Just make
sure to feed it the appropriate log files.

Best,
Kevin

-- 
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090