
Re: Deterring mail relay attempts



On Tue, Jun 29, 2010 at 4:16 PM, Chris Davies <chris-usenet@roaima.co.uk> wrote:
> Alan Chandler <alan@chandlerfamily.org.uk> wrote:
>> I have just moved my mail server (exim4 split config based) from one
>> machine to another, and in doing so started examining the logs.  I am
>> being hit with multiple attempts to relay - several a second.  They come
>> in bursts from one host, then come from somewhere else.
>
>> I would like to put some form of inconvenient barrier up so perhaps they
>> stop bothering me.
>
>> What is a good way of deterring them?
>
> Fail2ban is remarkably good at helping deter probes such as relay
> attempts. Get it working "out of the box" and then tweak it to match
> against other exim messages.

You could also look at the iptables "limit" and "recent" modules. I
use those to drop the automated brute force SSH attempts. What you are
seeing is also the same attack using SMTP AUTH.

Regards,
Didar
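
Both suggestions in this thread (fail2ban matching exim log messages, and the iptables "recent" module) come down to counting hits per source address inside a time window. The following is an added sketch of that counting logic and is not part of the original posts; the exim rejection line format, the thresholds, and the sample log with documentation-range addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed exim4 main-log format for a refused relay; not quoted in the thread.
RELAY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\].*rejected RCPT .*relay not permitted"
)

def find_offenders(lines, max_retry=3, find_time=60):
    """Return {ip: time the threshold was reached} for hosts with at least
    max_retry relay rejections inside a find_time-second sliding window."""
    window = timedelta(seconds=find_time)
    hits = defaultdict(deque)  # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        m = RELAY_RE.match(line)
        if not m or m["ip"] in banned:
            continue  # not a relay rejection, or host already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = hits[m["ip"]]
        q.append(ts)
        # Age out hits older than the window, so slow retries do not add up.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log: one burst, one slow prober, one normal delivery.
SAMPLE_LOG = [
    "2010-06-29 16:16:01 H=(a.example) [192.0.2.10] F=<s@example.com> rejected RCPT <x@example.net>: relay not permitted",
    "2010-06-29 16:16:01 H=(a.example) [192.0.2.10] F=<s@example.com> rejected RCPT <y@example.net>: relay not permitted",
    "2010-06-29 16:16:02 H=(a.example) [192.0.2.10] F=<s@example.com> rejected RCPT <z@example.net>: relay not permitted",
    "2010-06-29 16:16:03 1OTabc-0001aB-2C <= user@example.org H=(c.example) [203.0.113.5] P=esmtp S=1234",
    "2010-06-29 16:16:05 H=(b.example) [198.51.100.7] F=<s@example.com> rejected RCPT <x@example.net>: relay not permitted",
    "2010-06-29 16:18:30 H=(b.example) [198.51.100.7] F=<s@example.com> rejected RCPT <y@example.net>: relay not permitted",
    "2010-06-29 16:18:40 H=(b.example) [198.51.100.7] F=<s@example.com> rejected RCPT <z@example.net>: relay not permitted",
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

With the default thresholds only the burst from 192.0.2.10 is flagged; the slower prober is caught only when the threshold is lowered, which is the trade-off to tune against real logs.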

