Hello, all
I have the postfix-sasl jail enabled and it works well against attacks,
such as "Failed login".
I just noticed that my email server's maillog is flooded with this:
...
Sep 29 14:19:21 szeta postfix/smtpd[19940]: connect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[19940]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[19940]: disconnect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[20009]: connect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[20009]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[20009]: disconnect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:23 szeta postfix/smtpd[19940]: connect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:23 szeta postfix/smtpd[19940]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:23 szeta postfix/smtpd[19940]: disconnect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:23 szeta postfix/smtpd[20009]: connect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:24 szeta postfix/smtpd[20009]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:24 szeta postfix/smtpd[20009]: disconnect from ns3366447.ip-37-187-77.eu[37.187.77.147]
...
And fail2ban does nothing about this! No new entry about this in
fail2ban.log. The attack is still going and I am going to manually kill it
in iptables.
What should I do about this in fail2ban? Please help.
Thanks.
Gao
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
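
The log pattern in the message above, as an added example that is not part of the original post and is not fail2ban's own code: a Python check that counts "lost connection after AUTH" events per client IP inside a time window. The regex, the `offenders` function, the threshold values, the `year` default and the `192.0.2.10` log line are assumptions constructed for illustration; `maxretry` and `findtime` are named after the fail2ban jail options of the same name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Events from the post (unwrapped), plus one constructed line for 192.0.2.10.
SAMPLE_LOG = """\
Sep 29 14:19:21 szeta postfix/smtpd[19940]: connect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[19940]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[19940]: disconnect from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:22 szeta postfix/smtpd[20009]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:23 szeta postfix/smtpd[19940]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:19:24 szeta postfix/smtpd[20009]: lost connection after AUTH from ns3366447.ip-37-187-77.eu[37.187.77.147]
Sep 29 14:25:02 szeta postfix/smtpd[20100]: lost connection after AUTH from client.example[192.0.2.10]
"""

# Anchored at both ends so text after the bracketed address cannot spoof a match.
LOST_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"lost connection after AUTH from \S+\[(?P<ip>[0-9A-Fa-f.:]+)\]$"
)

def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2000):
    """Return {ip: n} where n is the largest number of AUTH aborts seen
    inside any findtime window, for IPs with n >= maxretry."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOST_AUTH.match(line.strip())
        if m:
            # Syslog timestamps carry no year; an assumed one is supplied.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append(ts)
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most findtime.
            while t - times[start] > findtime:
                start += 1
            best = max(best, end - start + 1)
        if best >= maxretry:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, count in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {count} aborted AUTH attempts inside the window")
```

A single aborted AUTH, like the constructed `192.0.2.10` line, stays under the threshold, so a client with a flaky connection is not flagged.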