Date:      Mon, 15 Jun 2015 11:10:58 +0200
From:      Matthias Apitz <guru@unixarea.de>
To:        Doug Hardie <bc979@lafn.org>
Cc:        FreeBSD - <freebsd-questions@freebsd.org>
Subject:   Re: Sendmail Modification
Message-ID:  <20150615091058.GA2965@c720-r276659>
In-Reply-To: <BFE727A9-33F5-4FB1-9C6D-46312AEE57AE@lafn.org>
References:  <BFE727A9-33F5-4FB1-9C6D-46312AEE57AE@lafn.org>

On Monday, June 15, 2015 at 01:51:29AM -0700, Doug Hardie wrote:

> I need to modify sendmail such that when a SMTP-AUTH request fails, sendmail drops the connection.  I am constantly being hit by password guessing attempts.  My first thought was to introduce a 1 or 2 minute delay after an authentication failure.  However, I suspect the attackers would just open a new connection and leave me with bunches of connections waiting to time out.  Hence the need to drop the connection.
> 
> Looking through the code it appears there are 2 places in srvrsmtp.c where the SASL return code is not SASL_OK or SASL_CONT.  An "AUTH failure" is logged in both those instances.  I believe that an exit right after the RESET_SASLCONN would do what I need.  Does this appear to be the right place?
> 

What would be the benefit from such a reset/exit? The attacker would
fire up the next connection with the next password guess. Can you
identify the source IP addr and if so just block it with ipfilter or
some firewall?

	matthias

-- 
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-170-4527211    +49-176-38902045
"If man is formed by circumstances, then it is necessary to form the
circumstances humanely", Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)
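
The step suggested in the reply above (identify the source addresses behind the failures so a firewall can block them), as an added example that is not part of the original message or of sendmail. It assumes each failure line contains "AUTH failure" followed by `relay=` with the client address in brackets; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count SMTP AUTH failures per client address in a sendmail log.
# Assumption: failure lines contain "AUTH failure" and "relay=... [addr]";
# compare against your own maillog before relying on the pattern.

# auth_fail_ips MIN: read log lines on stdin, print "count address" for every
# address with at least MIN failures, most active first.
auth_fail_ips() {
    awk -v min="$1" '
        /AUTH failure/ {
            i = index($0, "relay=")
            if (i == 0) next
            rest = substr($0, i)
            # bracketed IPv4 literal, or IPv6 written as [IPv6:...]
            if (match(rest, /\[(IPv6:)?[0-9A-Fa-f:.]+\]/)) {
                ip = substr(rest, RSTART + 1, RLENGTH - 2)
                sub(/^IPv6:/, "", ip)
                n[ip]++
            }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Jun 15 01:02:03 mx sm-mta[4101]: t5F1AAAA: AUTH failure (LOGIN): authentication failure (-13), relay=[203.0.113.7]
Jun 15 01:02:09 mx sm-mta[4102]: t5F1AAAB: AUTH failure (LOGIN): authentication failure (-13), relay=[203.0.113.7]
Jun 15 01:02:15 mx sm-mta[4103]: t5F1AAAC: AUTH failure (LOGIN): authentication failure (-13), relay=[203.0.113.7]
Jun 15 01:05:40 mx sm-mta[4110]: t5F1AAAD: AUTH failure (PLAIN): authentication failure (-13), relay=[IPv6:2001:db8::9]
Jun 15 01:05:44 mx sm-mta[4111]: t5F1AAAE: AUTH failure (PLAIN): authentication failure (-13), relay=[IPv6:2001:db8::9]
Jun 15 02:11:00 mx sm-mta[4120]: t5F1AAAF: AUTH failure (LOGIN): authentication failure (-13), relay=host.example [198.51.100.20]
Jun 15 02:30:00 mx sm-mta[4130]: AUTH=server, relay=[192.0.2.5], authid=doug, mech=LOGIN, bits=0
EOF
}

# Stand-alone run on the sample; on a live host: auth_fail_ips 5 < /var/log/maillog
sample_log | auth_fail_ips 2
```

A threshold above 1 keeps a legitimate user who mistypes a password once (198.51.100.20 in the sample) off the block list, and the successful `AUTH=server` line is never counted.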


