Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 03 Jun 2013 19:05:01 +0200
From:      Andrea Venturoli <ml@netfence.it>
To:        freebsd-questions@freebsd.org
Cc:        prehor@gmail.com
Subject:   Stop SMTP attack with pam_abl
Message-ID:  <51ACCCBD.5030305@netfence.it>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello.

I have different sendmail based servers deployed and all of them are, 
more or less frequently, subject to dictionary attacks.
So I looked for some solution to stop them and stumbled upon pam_abl.

However it does not seem to do its job; in the logs I have:
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: 
host_db=/var/db/pam_abl/hosts.db
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_purge=4h
 > pam_abl[2398]: /usr/local/etc/pam_abl.conf: host_rule=*:10/1h,30/1d
 > pam_abl[2398]: PAM_RHOST is NULL
 > pam_abl[2398]: In cleanup, err is 00000000

That "PAM_RHOST is NULL" looks like the culprit to me...

I searched a lot for deeper documentation but came up empty.
Any hint?

  bye & Thanks
	av.

P.S. I'm not sticking with pam_abl if a better solution exists...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?51ACCCBD.5030305>