Date: Mon, 15 Jun 2015 11:10:58 +0200
From: Matthias Apitz
To: Doug Hardie
Cc: FreeBSD -
Subject: Re: Sendmail Modification
Message-ID: <20150615091058.GA2965@c720-r276659>

On Monday, June 15, 2015 at 01:51:29AM -0700, Doug Hardie wrote:

> I need to modify sendmail such that when an SMTP-AUTH request fails, sendmail drops the connection. I am constantly being hit by password guessing attempts. My first thought was to introduce a 1 or 2 minute delay after an authentication failure. However, I suspect the attackers would just open a new connection and leave me with bunches of connections waiting to time out. Hence the need to drop the connection.
>
> Looking through the code it appears there are 2 places in srvrsmtp.c where the SASL return code is not SASL_OK or SASL_CONT. An "AUTH failure" is logged in both those instances. I believe that an exit right after the RESET_SASLCONN would do what I need. Does this appear to be the right place?
>

What would be the benefit from such a reset/exit? The attacker would fire up the next connection with the next password guess. Can you identify the source IP addr, and if so just block it with ipfilter or some firewall?

	matthias

-- 
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045
"If man is shaped by circumstances, then the circumstances must be shaped humanely."
Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)
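
Added example, not part of the original message or of sendmail: one way to find the source addresses the reply suggests blocking, by counting "AUTH failure" log entries per relay address. The log line layout, the threshold and the allowlist are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation address ranges). The
# "AUTH failure ... relay=[addr]" layout is an assumption: adapt the
# regex to what your sendmail actually writes to maillog.
SAMPLE_LOG = """\
Jun 15 01:40:01 mx sm-mta[2101]: t5F8e1aa002101: AUTH failure (LOGIN): authentication failure (-13), relay=[203.0.113.7]
Jun 15 01:40:03 mx sm-mta[2102]: t5F8e3ab002102: AUTH failure (LOGIN): authentication failure (-13), relay=[203.0.113.7]
Jun 15 01:40:05 mx sm-mta[2103]: t5F8e5ac002103: AUTH failure (PLAIN): authentication failure (-13), relay=dsl.example.net [203.0.113.7]
Jun 15 01:41:10 mx sm-mta[2110]: t5F8fAad002110: AUTH failure (LOGIN): authentication failure (-13), relay=[IPv6:2001:db8::25]
Jun 15 01:42:00 mx sm-mta[2120]: t5F8g0ae002120: AUTH=server, relay=[198.51.100.20], authid=alice, mech=PLAIN, bits=0
Jun 15 01:43:00 mx sm-mta[2130]: t5F8h0af002130: AUTH failure (LOGIN): authentication failure (-13), relay=[192.0.2.10]
Jun 15 01:43:02 mx sm-mta[2131]: t5F8h2ag002131: AUTH failure (LOGIN): authentication failure (-13), relay=[192.0.2.10]
Jun 15 01:43:04 mx sm-mta[2132]: t5F8h4ah002132: AUTH failure (LOGIN): authentication failure (-13), relay=[192.0.2.10]
"""

# Captures the bracketed address after relay=, with or without a host name or IPv6: tag.
FAILURE = re.compile(r"AUTH failure .*relay=[^\[]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def failures_by_source(log_text):
    """Count AUTH failures per source address; skip lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # bracketed text was not an IP address
    return counts

def block_candidates(log_text, threshold=3, allow=("192.0.2.0/24",)):
    """Addresses at or over the threshold, minus networks that must never be blocked."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = []
    for addr, n in failures_by_source(log_text).items():
        if n >= threshold and not any(addr.version == net.version and addr in net for net in allowed):
            hits.append(str(addr))
    return sorted(hits)

if __name__ == "__main__":
    # One address per line, ready to feed into a firewall table or rule generator.
    print("\n".join(block_candidates(SAMPLE_LOG)))
```

The allowlist keeps a mistyped password from your own network from locking out legitimate users once the output is fed to a firewall.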