Date: Tue, 04 Jun 2013 14:13:32 -0500
From: "Mark Felder" <feld@feld.me>
To: freebsd-questions@freebsd.org
Subject: Re: Can sasl/sendmail Report IP Of Failed Access?
Message-ID: <op.wx540unv34t2sn@markf.office.supranet.net>
In-Reply-To: <51AE0C04.2050507@tundraware.com>
References: <51AE0C04.2050507@tundraware.com>

On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk <tundra@tundraware.com> wrote:

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.

I don't use sendmail, but aren't the login attempts at least logged in maillog as well? If so, you could use fail2ban to ban them. We do this with postfix/exim/dovecot/etc.
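
An added example, not part of the original message and not fail2ban's own code: a tally of failed AUTH attempts per source address, the kind of matching a log-based ban tool does. The sample log lines are constructed, the "AUTH failure ... relay=[ip]" line shape is an assumption about what sendmail writes to maillog, and the name failed_auth_sources is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from the thread). The "AUTH failure ... relay="
# shape is an assumption; check it against your own /var/log/maillog.
SAMPLE_MAILLOG = """\
Jun  4 10:41:02 mail sm-mta[4101]: r54Ff1aa004101: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.45]
Jun  4 10:41:05 mail sm-mta[4102]: r54Ff1ab004102: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.45]
Jun  4 10:41:09 mail sm-mta[4103]: r54Ff1ac004103: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.45]
Jun  4 10:42:30 mail sm-mta[4120]: r54Fg2bb004120: AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: checkpass failed, relay=dsl.example.net [198.51.100.7]
Jun  4 10:43:00 mail sm-mta[4125]: r54Fh3cc004125: from=<a@example.org>, size=1204, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
"""

# Match failed SASL logins only and capture the bracketed address after "relay=",
# with or without a reverse-DNS name in front of it.
AUTH_FAIL = re.compile(
    r"AUTH failure \([^)]*\):.*\brelay=(?:\S+ )?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]"
)


def failed_auth_sources(log_text, threshold=3):
    """Return {ip: failures} for sources with at least `threshold` failures."""
    counts = Counter()
    for line in log_text.splitlines():
        match = AUTH_FAIL.search(line)
        if not match:
            continue
        try:
            # Normalise and reject anything that is not a real address.
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue
        counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(failed_auth_sources(SAMPLE_MAILLOG).items()):
        print(f"{ip}\t{n} failed AUTH attempts")
```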