On 21 October 2024 15:46:14 UTC, Geoff Mulligan via mailop 
<mailop@mailop.org> wrote:
>I wrote a script to check my mail log and block the IPs.
>What do you all do?

Coffee & smoke, until they move to another target... One
can do very little with that, as that comes from many
countries, many ASNs and even more IP blocks, often
from dynamic (thus IP change) hosts.

But really, I have no auth on port 25 and fail2ban blocks
IPs trying it for 10 days, then increases ban time on repeat.
I see only very small number of repeats and number of
attempts decreased over time (from small to very small).

On MSA again fail2ban, I use my own implementation of
auth daemon, which can do basic host filtering (GeoIP,
RBLs, and so on). I block access from Spamhaus (E)DROP
IPs and from blocklist.de, and I even block access from
~10 ASNs entirely, etc, etc... Fail2ban then feeds most
repeating hosts to long-time ipset (resetting 120 days).
That all blocks many connections, but not all.

And, of course, make sure that your users use unique
and not leaked passwords (I know, not easy to achieve)
and that your daemons have no known vulnerabilities.

While there were about 9 months of relative peace/silence here,
nothing helps to stop these attempts, thus really -- patience ;-)

regards


-- 
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
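
The escalating-ban scheme described in the message above, as an added example that is not part of the original post and is not fail2ban's or the poster's own code. Assumptions: the log lines are constructed samples in Postfix smtpd style, the static network stands in for DROP / blocklist.de data, the 3-failures-in-10-minutes threshold and the doubling factor are made up, and the 120-day ipset lifetime from the post is used as the cap.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_RE = re.compile(r"^(\S+) .*\[(\d{1,3}(?:\.\d{1,3}){3})\]: SASL \w+ authentication failed")
# Stand-in for DROP / blocklist.de data (constructed, documentation range).
STATIC_NETS = [ipaddress.ip_network("198.51.100.0/24")]
MAXRETRY, FINDTIME = 3, timedelta(minutes=10)   # assumed thresholds
BASE_BAN, MAX_BAN = timedelta(days=10), timedelta(days=120)

def process(lines):
    """Return ban decisions as (ip, start, days, reason); days is None for static hits."""
    recent = defaultdict(list)    # ip -> timestamps of failures inside FINDTIME
    ban_count = defaultdict(int)  # ip -> number of bans issued so far
    banned_until = {}             # ip -> expiry of the current ban
    decisions = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already banned; the firewall would drop this
        if any(ipaddress.ip_address(ip) in net for net in STATIC_NETS):
            banned_until[ip] = datetime.max
            decisions.append((ip, ts, None, "static-list"))
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= FINDTIME] + [ts]
        if len(recent[ip]) >= MAXRETRY:
            ban = min(BASE_BAN * 2 ** ban_count[ip], MAX_BAN)  # 10, 20, 40 ... 120 days
            ban_count[ip] += 1
            banned_until[ip] = ts + ban
            decisions.append((ip, ts, ban.days, "first" if ban_count[ip] == 1 else "repeat"))
    return decisions

def sample_line(ts, ip):  # builds one constructed log line
    return (f"{ts} mx postfix/smtpd[101]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

SAMPLE = [sample_line(ts, ip) for ts, ip in [
    ("2024-10-01T10:00:00", "203.0.113.7"), ("2024-10-01T10:01:00", "203.0.113.7"),
    ("2024-10-01T10:02:00", "203.0.113.7"),   # third failure: 10-day ban
    ("2024-10-05T10:00:00", "203.0.113.7"),   # inside the ban, ignored
    ("2024-10-12T09:00:00", "203.0.113.7"), ("2024-10-12T09:01:00", "203.0.113.7"),
    ("2024-10-12T09:02:00", "203.0.113.7"),   # repeat offender: 20-day ban
    ("2024-10-12T09:05:00", "198.51.100.20"), # listed network: denied at once
    ("2024-10-12T09:06:00", "192.0.2.9"),     # single failure: no action
]]
```

Calling process(SAMPLE) returns the three decisions marked in the sample comments; the host with a single failure produces none.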
