Postal
Unauthenticated client/bot prevention #2791
Replies: 2 comments 3 replies
-
|
This is the solution with fail2ban i'm using to prevent bot spamming looking for open relays. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the help, but things are a little different here. The attack pattern I met is bot only sends lots of 'RCPT TO' commands before authentication, and then disconnects. The IP of the attacker client can only be found when it establishes the connection. Fail2ban cannot fit this log pattern(although I wrote a script to monitor the log and use fail2ban to ban IPs). |
Beta Was this translation helpful? Give feedback.
-
|
I see multiple approaches here:
|
Beta Was this translation helpful? Give feedback.
-
|
Adding |
Beta Was this translation helpful? Give feedback.
-
|
This is an effective workaround. After I added the output error message, fail2ban can easily identify the log and ban the IP. |
Beta Was this translation helpful? Give feedback.
-
Recently my logs have been showing a large number of machine scripts accessing the SMTP port that don't authenticate and try to send mail, taking up a lot of resources.
I've tried using fail2ban for protection(#1255), but the situation is different to failed authentication attempts(#1182), currently the log context needs to be analysed to get the attacker's IP address.
Is there any solution to prevent this kind of attack, or is it possible to improve the error log display to fit the simple regex?
Beta Was this translation helpful? Give feedback.
All reactions