Date:      Tue, 4 Jun 2013 14:51:08 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        tundra@tundraware.com
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Can sasl/sendmail Report IP Of Failed Access?
Message-ID:  <10B9A72C-1BEA-498B-8BEA-88641656E434@lafn.org>
In-Reply-To: <51AE0C04.2050507@tundraware.com>
References:  <51AE0C04.2050507@tundraware.com>


On 4 June 2013, at 08:47, Tim Daneliuk <tundra@tundraware.com> wrote:

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported.  Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall?   auth.log only
> notes the attempted user name, not the IP of origin.

I wrote some code to find the appropriate maillog entries which do
include the IP addresses.  It automagically adds the IP addresses to the
pf blackhole table if certain criteria are met.  The criteria are
changeable.  If you would like a copy, let me know.



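A sketch of the kind of maillog scan this reply describes, added here as an example; it is not the code offered in the message, which does not appear on this page. The two log patterns, the threshold of 3, the allowlisted range and the table name `blackhole` are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed patterns for sendmail lines left by failed or abandoned logins;
# compare them with your own /var/log/maillog before relying on them.
SUSPECT = re.compile(r"AUTH failure|did not issue MAIL/EXPN/VRFY/ETRN")
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]  # your own ranges (assumed)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
Jun  4 08:01:10 mail sm-mta[1201]: r54F1A001201: [203.0.113.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jun  4 08:01:40 mail sm-mta[1202]: r54F1e001202: [203.0.113.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jun  4 08:02:05 mail sm-mta[1203]: r54F25001203: AUTH failure (LOGIN): authentication failure (-13), relay=[203.0.113.7]
Jun  4 08:03:00 mail sm-mta[1204]: r54F30001204: [198.51.100.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jun  4 08:04:00 mail sm-mta[1205]: r54F40001205: from=<a@example.org>, size=900, relay=mx.example.org [198.51.100.9]
Jun  4 08:05:00 mail sm-mta[1206]: r54F50001206: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jun  4 08:05:20 mail sm-mta[1207]: r54F5K001207: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jun  4 08:05:40 mail sm-mta[1208]: r54F5e001208: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

def first_ip(line):
    """Return the first bracketed token that parses as an IP address."""
    for token in BRACKETED.findall(line):
        try:
            return ipaddress.ip_address(token)
        except ValueError:
            continue  # e.g. the "[1201]" process id after "sm-mta"
    return None

def offenders(lines, threshold=3, never_block=NEVER_BLOCK):
    """Addresses with at least `threshold` suspect lines, allowlist excluded."""
    hits = Counter()
    for line in lines:
        ip = first_ip(line) if SUSPECT.search(line) else None
        if ip is not None and not any(ip in net for net in never_block):
            hits[ip] += 1
    return sorted(str(ip) for ip, count in hits.items() if count >= threshold)

def pf_commands(addresses, table="blackhole"):
    """Build (not run) one pfctl argv list per address; table name is assumed."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in addresses]

if __name__ == "__main__":
    for argv in pf_commands(offenders(SAMPLE.splitlines())):
        print(" ".join(argv))
```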