Dňa 21. októbra 2024 15:46:14 UTC používateľ Geoff Mulligan via mailop <mailop@mailop.org> napísal:
>I wrote a script to check my mail log and block the IPs. >What do you all do? Cofee & smoke, until they move to another target... One can do very little with that, as that comes from many countries, many ASNs and even more IP blocks, often from dynamic (thus IP change) hosts. But really, i have no auth on 25 port and fail2ban blocks IP trying it for 10 days, then increase ban time on repeat. I see only very small number of repeats and number of attempts decreased over time (from small to very small). On MSA again fail2ban, i use own implementation of auth daemon, which can do basic host filtering (GeoIP, RBLs, and so). I block access from Spamhaus (E)DROP IPs and from blocklist.de, and i even block access from ~10 ASNs at all, etc, etc... Fail2ban then feeds most repeating hosts to long-time ipset (reseting 120 days). That all blocks many of connections, but not all. And, of course, make sure that your users use unique and not leaked passwords (i know, not easy to achieve) and that your daemons hasn't known vulnerabilities. While here was about 9 months of relative peace/silence, nothing help to stop these attempts, thus really -- patience ;-) regards -- Slavko https://www.slavino.sk/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop