On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk <[email protected]>
wrote:
I am seeing login dictionary attacks on a FreeBSD mail server being
reported. Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall? auth.log only
notes the attempted user name, not the IP of origin.
I don't use sendmail, but aren't the login attempts at least logged in
maillog as well? If so, you could use fail2ban to ban them. We do this
with postfix/exim/dovecot/etc.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
