From: Andrea Venturoli
Date: Mon, 03 Jun 2013 19:05:01 +0200
To: freebsd-questions@freebsd.org
Cc: prehor@gmail.com
Subject: Stop SMTP attack with pam_abl
Message-ID: <51ACCCBD.5030305@netfence.it>

Hello.

I have different sendmail based servers deployed and all of them are, more or less frequently, subject to dictionary attacks.
So I looked for some solution to stop them and stumbled upon pam_abl.

However it does not seem to do its job; in the logs I have:

> pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_db=/var/db/pam_abl/hosts.db
> pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_purge=4h
> pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_rule=*:10/1h,30/1d
> pam_abl[2398]: PAM_RHOST is NULL
> pam_abl[2398]: In cleanup, err is 00000000

That "PAM_RHOST is NULL" looks like the culprit to me...
I searched a lot for deeper documentation but came up empty.

Any hint?

 bye & Thanks
	av.

P.S. I'm not sticking with pam_abl if a better solution exists...
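
The host_rule and host_purge values from the log above, modelled as an added example (not part of the original message and not pam_abl's own code). It assumes host failures are keyed on PAM_RHOST and that failures older than host_purge are discarded; HostTracker, first_block and the 192.0.2.10 address are constructed for illustration.

```python
import re
from collections import defaultdict

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_period(text):
    """'4h' -> 14400 seconds."""
    m = re.fullmatch(r"(\d+)([smhd])", text.strip())
    if not m:
        raise ValueError(f"bad period: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_rule(rule):
    """'*:10/1h,30/1d' -> ('*', [(10, 3600), (30, 86400)])."""
    users, _, clauses = rule.partition(":")
    out = []
    for clause in clauses.split(","):
        limit, _, period = clause.partition("/")
        out.append((int(limit), parse_period(period)))
    return users, out

class HostTracker:
    def __init__(self, host_rule, host_purge):
        _, self.clauses = parse_rule(host_rule)
        self.purge = parse_period(host_purge)
        self.failures = defaultdict(list)   # remote host -> failure timestamps

    def record_failure(self, rhost, now):
        if rhost is None:                    # modelled on "PAM_RHOST is NULL"
            return False                     # assumption: no host, nothing to key on
        kept = [t for t in self.failures[rhost] if now - t < self.purge]
        self.failures[rhost] = kept + [now]  # assumption: purge drops old entries
        return True

    def is_blocked(self, rhost, now):
        if rhost is None:
            return False
        seen = self.failures.get(rhost, [])
        # Blocked when any clause's limit is reached inside its period.
        return any(sum(now - t < period for t in seen) >= limit
                   for limit, period in self.clauses)

def first_block(host_rule, host_purge, rhost, interval, attempts):
    """Replay constructed failures `interval` seconds apart; return the
    1-based attempt at which the host becomes blocked, or None."""
    tracker = HostTracker(host_rule, host_purge)
    for i in range(attempts):
        tracker.record_failure(rhost, i * interval)
        if tracker.is_blocked(rhost, i * interval):
            return i + 1
    return None
```

In this model, failures that arrive with no remote host are never counted, and failures spaced ten minutes apart never reach the 30/1d clause because host_purge=4h discards them before thirty accumulate.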