Re: [Postfix-BR] D.O.S via smtpd/saslauthd?

Julio Cesar Covolato Fri, 08 Apr 2011 12:54:52 -0700

Instale o fail2ban e ative o sasl para no máximo 2 erros de login/senha,e tempo de unban pra mais de 24h.


-----------------------------
    _    Julio Cesar Covolato
   0v0<ju...@psi.com.br>
  /(_)\  F: 55-11-3129-3366
   ^ ^   PSI INTERNET
-----------------------------



Em 08/04/2011 16:01, Alexandre Balistrieri escreveu:

Olá a todos,

Acabo de me inscrever na lista. Fiz parte da lista principal do postfix durante
muito tempo e recentemente cancelei a inscrição, por participar muito pouco.

Mas agora me vejo com um problema - novo pra mim - que vendo por alguns
ângulos tem me parecido uma negação de serviço.

Uso  Linux Opensuse-10.2+Postfix2.3.2+cyrus-saslauthd-2.1.22

Meu host parece que vem sendo entupido de conexões externas vindas de milhares
de IPs gerando warnings "SASL LOGIN authentication failed: authentication
failure" e "verification failed: Name or service not known". Por conta disso,
meus envios locais quase não estão acontecendo.

Tenho pouco mais de uma centena de usuários dependendo desse host pra
outgoing. Nos usuários mais urjentes tenho cadastrado um outgoing alternativo
sem autenticação pra resolver o problema temporariamente enquanto tento
descobrir uma forma de filtrar essas conexões ou descobrir por que elas
acontecem.

Alguém já passou por isso?

Segue uma parte do meu maillog apenas com os warnings:

guarani:/tmp # tail -f /var/log/warn
Apr  8 16:01:03 guarani postfix/smtpd[19770]: warning: unknown[190.147.147.55]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:04 guarani postfix/smtpd[19509]: warning: unknown[200.230.51.66]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:04 guarani postfix/smtpd[19811]: warning:
221-155.126-70.tampabay.res.rr.com[70.126.155.221]: SASL LOGIN authentication
failed: authentication failure
Apr  8 16:01:04 guarani postfix/smtpd[19695]: warning:
246-46-235-201.fibertel.com.ar[201.235.46.246]: SASL LOGIN authentication
failed: authentication failure
Apr  8 16:01:04 guarani postfix/smtpd[19560]: warning: dsl-
emcali-190.1.244.121.emcali.net.co[190.1.244.121]: SASL LOGIN authentication
failed: authentication failure
Apr  8 16:01:04 guarani postfix/smtpd[19585]: warning:
161.Red-79-157-224.dynamicIP.rima-tde.net[79.157.224.161]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:06 guarani postfix/smtpd[19542]: warning: 187.113.231.218:
hostname 187.113.231.218.static.host.gvt.net.br verification failed: Name or
service not known
Apr  8 16:01:06 guarani postfix/smtpd[19542]: warning:
unknown[187.113.231.218]: SASL LOGIN authentication failed: authentication
failure
Apr  8 16:01:06 guarani postfix/smtpd[19730]: warning: 189.107.70.37: hostname
189107070037.user.veloxzone.com.br verification failed: Name or service not
known
Apr  8 16:01:06 guarani postfix/smtpd[19876]: warning:
189-72-80-182.bnut3700.dsl.brasiltelecom.net.br[189.72.80.182]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:07 guarani postfix/smtpd[19546]: warning: unknown[187.54.193.66]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:07 guarani postfix/smtpd[19552]: warning: 187.37.166.245: hostname
bb25a6f5.virtua.com.br verification failed: Name or service not known
Apr  8 16:01:07 guarani postfix/smtpd[19552]: warning: unknown[187.37.166.245]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:07 guarani postfix/smtpd[19855]: warning: unknown[190.96.200.96]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:08 guarani postfix/smtpd[19759]: warning: unknown[207.6.61.2]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:09 guarani postfix/smtpd[19788]: warning: unknown[201.47.62.70]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:09 guarani postfix/smtpd[19666]: warning:
2.54.80.200.host.ifxnw.com.ar[200.80.54.2]: SASL LOGIN authentication failed:
authentication failure
Apr  8 16:01:10 guarani postfix/smtpd[19504]: warning:
201-27-98-60.dsl.telesp.net.br[201.27.98.60]: SASL LOGIN authentication
failed: authentication failure
Apr  8 16:01:11 guarani postfix/smtpd[19779]: warning: unknown[186.22.212.114]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:11 guarani postfix/smtpd[19794]: warning:
unknown[187.106.238.185]: SASL LOGIN authentication failed: authentication
failure
Apr  8 16:01:13 guarani postfix/smtpd[19878]: warning: 189.7.36.151: hostname
bd072497.virtua.com.br verification failed: Name or service not known
Apr  8 16:01:14 guarani postfix/smtpd[19878]: warning: unknown[189.7.36.151]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:15 guarani postfix/smtpd[19848]: warning: 189.73.11.174: hostname
189-73-11-174.dsl.ctaje701.brasiltelecom.net.br verification failed: Name or
service not known
Apr  8 16:01:15 guarani postfix/smtpd[19848]: warning: unknown[189.73.11.174]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:15 guarani postfix/smtpd[19590]: warning: 177.17.77.63: hostname
177.17.77.63.static.host.gvt.net.br verification failed: Name or service not
known
Apr  8 16:01:16 guarani postfix/smtpd[19590]: warning: unknown[177.17.77.63]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:17 guarani postfix/smtpd[19726]: warning:
unknown[187.112.144.243]: SASL LOGIN authentication failed: authentication
failure
Apr  8 16:01:17 guarani postfix/smtpd[19672]: warning:
189.26.201.62.dynamic.adsl.gvt.net.br[189.26.201.62]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:17 guarani postfix/smtpd[19581]: warning: unknown[200.81.216.184]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:17 guarani postfix/smtpd[19895]: warning: unknown[189.4.135.17]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:18 guarani postfix/smtpd[19776]: warning: 187.55.52.58: hostname
187-55-52-58.bnut3300.e.brasiltelecom.net.br verification failed: Name or
service not known
Apr  8 16:01:18 guarani postfix/smtpd[19612]: warning: unknown[187.9.57.67]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:18 guarani postfix/smtpd[19792]: warning:
200-203-39-136.paemt706.dsl.brasiltelecom.net.br[200.203.39.136]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:19 guarani postfix/smtpd[19776]: warning: unknown[187.55.52.58]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:19 guarani postfix/smtpd[19699]: warning: unknown[189.83.136.162]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:19 guarani postfix/smtpd[19576]: warning:
200-207-36-208.dsl.telesp.net.br[200.207.36.208]: SASL LOGIN authentication
failed: authentication failure
Apr  8 16:01:20 guarani postfix/smtpd[19723]: warning:
pppclient-200165141161.redeveloz.com.br[200.165.141.161]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:20 guarani postfix/smtpd[19790]: warning:
189.26.110.151.dynamic.adsl.gvt.net.br[189.26.110.151]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:21 guarani postfix/smtpd[19621]: warning: 189.106.102.149:
hostname 189106102149.user.veloxzone.com.br verification failed: Name or
service not known
Apr  8 16:01:22 guarani postfix/smtpd[19621]: warning:
unknown[189.106.102.149]: SASL LOGIN authentication failed: authentication
failure
Apr  8 16:01:22 guarani postfix/smtpd[19532]: warning: unknown[190.29.172.153]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:22 guarani postfix/smtpd[19758]: warning: unknown[200.135.64.62]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:23 guarani postfix/smtpd[19772]: warning: unknown[187.76.11.162]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:24 guarani postfix/smtpd[19572]: warning:
201-25-68-2.gnace701.dsl.brasiltelecom.net.br[201.25.68.2]: SASL LOGIN
authentication failed: authentication failure
Apr  8 16:01:24 guarani postfix/smtpd[19868]: warning: 190.29.31.244: hostname
static-adsl190-29-31-244.une.net.co verification failed: Name or service not
known
Apr  8 16:01:25 guarani postfix/smtpd[19868]: warning: unknown[190.29.31.244]:
SASL LOGIN authentication failed: authentication failure
Apr  8 16:01:27 guarani postfix/smtpd[19533]: warning:
ns01.execplan.com.br[201.7.115.90]: SASL LOGIN authentication failed:
authentication failure
Apr  8 16:01:28 guarani postfix/smtpd[19861]: warning: 189-041-31-106.xd-
dynamic.ctbcnetsuper.com.br[189.41.31.106]: SASL LOGIN authentication failed:
authentication failure

_______________________________________________
Postfix-BR mailing list
Postfix-BR@listas.softwarelivre.org
http://listas.softwarelivre.org/mailman/listinfo/postfix-br

Re: [Postfix-BR] D.O.S via smtpd/saslauthd?

Responder a