Am Donnerstag, dem 22.06.2023 um 16:27 +0100 schrieb Nick Howitt via
Fail2ban-users:
> Don't allow authentication on 25!
I second that. Port 25 is without encryption, so i don't offer auth
there - only on 587.
Apart from that, stolen passwords were tried for login via port 587.
This is reduced quite a bit by
smtpd_sender_restrictions =
[...}
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
which refuses connections from addresses without DNS setup. This
blocks people who run their own smtp server, but don't bother to setup
a dyndns hostname at least. I can do without them. Most of the live in
asia where i hardly know anybody...
Cheers,
tim
--
PISCES (Feb. 19 - Mar. 20)
You will get some very interesting news of a promotion today.
It
will go to someone in the office you dislike and will be the
job
you wanted. Don't lend anyone a car today. You don't have a
car.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
