On Tue, Jun 29, 2010 at 4:16 PM, Chris Davies <[email protected]> wrote:
> Alan Chandler <[email protected]> wrote:
>> I have just moved my mail server (exim4 split config based) from one
>> machine to another, and in doing so started examining the logs. I am
>> being hit with multiple attempts to relay - several a second. They come
>> in bursts from one host, then come from somewhere else.
>
>> I would like to put some form of inconvenient barrier up so perhaps they
>> stop bothering me.
>
>> What is a good way of deterring them?
>
> Fail2ban is remarkably good at helping deter probes such as relay
> attempts. Get it working "out of the box" and then tweak it to match
> against other exim messages.

You could also look at the iptables "limit" and "recent" modules. I use
those to drop the automated brute force SSH attempts. What you are
seeing is also the same attack using SMTP AUTH.

Regards,
Didar
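
Added example, not part of the original messages: one way to apply the "recent" and "limit" matches mentioned above to SMTP, written as a shell function that emits an iptables-restore fragment. The chain name SMTP_LIMIT, the list name smtp_probe, the log prefix and the thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: per-source rate limit for new SMTP connections using the
# iptables "recent" match, with "limit" used to throttle the log lines.
# SMTP_LIMIT, smtp_probe and the default thresholds are assumed names/values.

# Conservative cap: older xt_recent builds remember 20 packets per address
# by default (ip_pkt_list_tot), so a larger --hitcount may be refused there.
RECENT_MAX_HITS=20

smtp_limit_rules() {
    seconds=${1:-} hits=${2:-} port=${3:-25}
    for n in "$seconds" "$hits" "$port"; do
        case $n in
            ''|*[!0-9]*)
                echo "usage: smtp_limit_rules SECONDS HITS [PORT]" >&2
                return 2 ;;
        esac
    done
    if [ "$hits" -lt 1 ] || [ "$hits" -gt "$RECENT_MAX_HITS" ]; then
        echo "HITS must be between 1 and $RECENT_MAX_HITS" >&2
        return 2
    fi
    # Rule order matters: --set records every new connection first, so the
    # HITS-th and later connections from one address inside the window match
    # the --rcheck rules. Established sessions never enter the chain.
    cat <<EOF
*filter
:SMTP_LIMIT - [0:0]
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SMTP_LIMIT
-A SMTP_LIMIT -m recent --name smtp_probe --set
-A SMTP_LIMIT -m recent --name smtp_probe --rcheck --seconds $seconds --hitcount $hits -m limit --limit 6/minute -j LOG --log-prefix "smtp-limit: "
-A SMTP_LIMIT -m recent --name smtp_probe --rcheck --seconds $seconds --hitcount $hits -j DROP
COMMIT
EOF
}

# Print a fragment; defaults are 10 new connections per 60 seconds on port 25.
smtp_limit_rules "${1:-60}" "${2:-10}" "${3:-25}"
```

The fragment can be checked with `iptables-restore --test --noflush` before it is loaded. Legitimate peers that open many connections in a short time (a backup MX, a busy mailing-list host) need a higher threshold or an accept rule ahead of the jump.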

