Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 4 Jun 2013 11:56:45 -0700
From:      Waitman Gobble <gobble.wa@gmail.com>
To:        tundra@tundraware.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Can sasl/sendmail Report IP Of Failed Access?
Message-ID:  <CAFuo_fzrOQiUR=NkoeiNY5q7=Zovx3mNFdZ9dT=ZE3SK7ow3yg@mail.gmail.com>
In-Reply-To: <51AE0C04.2050507@tundraware.com>
References:  <51AE0C04.2050507@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <tundra@tundraware.com> wrote:
>
> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported.  Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall?   auth.log only
> notes the attempted user name, not the IP of origin.
> --
> -----------------------------------------------------------------------
> Tim Daneliuk
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
freebsd-questions-unsubscribe@freebsd.org"

On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <tundra@tundraware.com> wrote:
>
> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported.  Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall?   auth.log only
> notes the attempted user name, not the IP of origin.
> --
> -----------------------------------------------------------------------
> Tim Daneliuk
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
freebsd-questions-unsubscribe@freebsd.org"

one idea is to run auth on a different service / machine on a non-standard
port, that at least cuts down the noise from "non-targetted" scans.

Waitman Gobble
San Jose California USA

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFuo_fzrOQiUR=NkoeiNY5q7=Zovx3mNFdZ9dT=ZE3SK7ow3yg>