On 10/30/23 17:53, David C. Rankin wrote:

On 10/30/23 16:14, Carlos E. R. wrote:

...

On 2023-10-30 21:36, David C. Rankin wrote:

...

All,

   Anybody running mail server noticing a large uptick in failed SASL login attempts? At times I'll just have the server journal displaying in an x-term. Past 24 hours or so there is a marked increase in SASL login attempts to postfix with most originating from LATNIC and Brazil in particular (with the normal smattering of RIPE critters)

Yes, I have heard of it.

And it is dangerous, they will eventually find the password of the mail account.

Not with:

# ipta 207.189.192.0/20 174 DROP iptables -I INPUT 174 -s 207.189.192.0/20 -j DROP

they won't :)

(so much for staying with a stateful firewall.... fight fire with fire...)

Server-Fault has a fail2ban solution: https://serverfault.com/q/1099716/332034 But why isn't port 587 specified explicitly? Not needed? Isn't it preferred over the deprecated port 465? -- David C. Rankin, J.D.,P.E.

On 2023-10-30 23:53, David C. Rankin wrote:

On 10/30/23 16:14, Carlos E. R. wrote:

...

On 2023-10-30 21:36, David C. Rankin wrote:

...

All,

   Anybody running mail server noticing a large uptick in failed SASL login attempts? At times I'll just have the server journal displaying in an x-term. Past 24 hours or so there is a marked increase in SASL login attempts to postfix with most originating from LATNIC and Brazil in particular (with the normal smattering of RIPE critters)

Yes, I have heard of it.

And it is dangerous, they will eventually find the password of the mail account.

Not with:

# ipta 207.189.192.0/20 174 DROP iptables -I INPUT 174 -s 207.189.192.0/20 -j DROP

they won't :)

(so much for staying with a stateful firewall.... fight fire with fire...)

I have been told that just implementing greylisting on those attempts works. Mind, clients like Thunderbird don't handle it automatically, but as it is only applied to bad passwords, it doesn't matter much. The human can retry later. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))