Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 04 Jun 2013 14:13:32 -0500
From:      "Mark Felder" <feld@feld.me>
To:        freebsd-questions@freebsd.org
Subject:   Re: Can sasl/sendmail Report IP Of Failed Access?
Message-ID:  <op.wx540unv34t2sn@markf.office.supranet.net>
In-Reply-To: <51AE0C04.2050507@tundraware.com>
References:  <51AE0C04.2050507@tundraware.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk <tundra@tundraware.com>  
wrote:

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported.  Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall?   auth.log only
> notes the attempted user name, not the IP of origin.

I don't use sendmail, but aren't the login attempts at least logged in  
maillog as well? If so, you could use fail2ban to ban them. We do this  
with postfix/exim/dovecot/etc.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?op.wx540unv34t2sn>