Date: Mon, 15 Jun 2015 14:39:23 +0200 From: Bartek Krawczyk <bbartlomiej.mail@gmail.com> To: Matthias Apitz <guru@unixarea.de>, Doug Hardie <bc979@lafn.org>, FreeBSD - <freebsd-questions@freebsd.org> Subject: Re: Sendmail Modification Message-ID: <CAFp_H4sK0ed2FQ3FCzYwNrYj6P7Rgy7C%2BKRAia05ev8G_O-8ew@mail.gmail.com> In-Reply-To: <20150615091058.GA2965@c720-r276659> References: <BFE727A9-33F5-4FB1-9C6D-46312AEE57AE@lafn.org> <20150615091058.GA2965@c720-r276659>
next in thread | previous in thread | raw e-mail | index | archive | help
It's better to configure fail2ban or something similar. On 15 June 2015 at 11:10, Matthias Apitz <guru@unixarea.de> wrote: > El d=C3=ADa Monday, June 15, 2015 a las 01:51:29AM -0700, Doug Hardie esc= ribi=C3=B3: > >> I need to modify sendmail such that when a SMTP-AUTH request fails, send= mail drops the connection. I am constantly being hit by password guessing = attempts. My first thought was to introduce a 1 or 2 minute delay after an= authentication failure. However, I suspect the attackers would just open = a new connection and leave me with bunches of connections waiting to time o= ut. Hence the need to drop the connection. >> >> Looking through the code it appears there are 2 places in srvrsmtp.c whe= re the SASL return code is not SASL_OK or SASL_CONT. An "AUTH failure=E2= =80=9D is logged in both those instances. I believe that an exit right aft= er the RESET_SASLCONN would do what I need. Does this appear to be the rig= ht place? >> > > What would be the benefit from such a reset/exit? The attacker would be > fire up the next connection with the next password guess. Can you > identify the source IP addr and if so just block it with ipfilter or > some firewall. > > matthias > > -- > Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-170-4527211= +49-176-38902045 > "Wenn der Mensch von den Umst=C3=A4nden gebildet wird, so mu=C3=9F man di= e Umst=C3=A4nde menschlich bilden." > "Si el hombre es formado por las circunstancias entonces es necesario for= mar humanamente > las circunstancias", Karl Marx in Die heilige Familie / La sagrada famili= a (MEW 2, 138) > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --=20 Bartek Krawczyk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFp_H4sK0ed2FQ3FCzYwNrYj6P7Rgy7C%2BKRAia05ev8G_O-8ew>