Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 03 Jun 2013 19:05:01 +0200
From:      Andrea Venturoli <>
Subject:   Stop SMTP attack with pam_abl
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help

I have different sendmail based servers deployed and all of them are, 
more or less frequently, subject to dictionary attacks.
So I looked for some solution to stop them and stumbled upon pam_abl.

However it does not seem to do its job; in the logs I have:
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: 
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_purge=4h
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_rule=*:10/1h,30/1d
 > pam_abl[2398]: PAM_RHOST is NULL
 > pam_abl[2398]: In cleanup, err is 00000000

That "PAM_RHOST is NULL" looks like the culprit to me...

I searched a lot for deeper documentation but came up empty.
Any hint?

  bye & Thanks

P.S. I'm not sticking with pam_abl if a better solution exists...

Want to link to this message? Use this URL: <>