Obrigado a todos pela ajuda! Pelo visto parece que o fail2ban 'é o cara!'.
Vou estuda-lo e implmenta-lo. Depois aviso como foi. Em sex 08 abr 2011, às 16:01:54, Alexandre Balistrieri escreveu: > Olá a todos, > > Acabo de me inscrever na lista. Fiz parte da lista principal do postfix > durante muito tempo e recentemente cancelei a inscrição, por participar > muito pouco. > > Mas agora me vejo com um problema - novo pra mim - que vendo por alguns > ângulos tem me parecido uma negação de serviço. > > Uso Linux Opensuse-10.2+Postfix2.3.2+cyrus-saslauthd-2.1.22 > > Meu host parece que vem sendo entupido de conexões externas vindas de > milhares de IPs gerando warnings "SASL LOGIN authentication failed: > authentication failure" e "verification failed: Name or service not > known". Por conta disso, meus envios locais quase não estão acontecendo. > > Tenho pouco mais de uma centena de usuários dependendo desse host pra > outgoing. Nos usuários mais urjentes tenho cadastrado um outgoing > alternativo sem autenticação pra resolver o problema temporariamente > enquanto tento descobrir uma forma de filtrar essas conexões ou descobrir > por que elas acontecem. > > Alguém já passou por isso? > > Segue uma parte do meu maillog apenas com os warnings: > > guarani:/tmp # tail -f /var/log/warn > Apr 8 16:01:03 guarani postfix/smtpd[19770]: warning: > unknown[190.147.147.55]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:04 guarani postfix/smtpd[19509]: warning: > unknown[200.230.51.66]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:04 guarani postfix/smtpd[19811]: warning: > 221-155.126-70.tampabay.res.rr.com[70.126.155.221]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:04 guarani postfix/smtpd[19695]: warning: > 246-46-235-201.fibertel.com.ar[201.235.46.246]: SASL LOGIN authentication > failed: authentication failure > Apr 8 16:01:04 guarani postfix/smtpd[19560]: warning: dsl- > emcali-190.1.244.121.emcali.net.co[190.1.244.121]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:04 guarani postfix/smtpd[19585]: warning: > 161.Red-79-157-224.dynamicIP.rima-tde.net[79.157.224.161]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:06 guarani postfix/smtpd[19542]: warning: 187.113.231.218: > hostname 187.113.231.218.static.host.gvt.net.br verification failed: Name > or service not known > Apr 8 16:01:06 guarani postfix/smtpd[19542]: warning: > unknown[187.113.231.218]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:06 guarani postfix/smtpd[19730]: warning: 189.107.70.37: > hostname 189107070037.user.veloxzone.com.br verification failed: Name or > service not known > Apr 8 16:01:06 guarani postfix/smtpd[19876]: warning: > 189-72-80-182.bnut3700.dsl.brasiltelecom.net.br[189.72.80.182]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:07 guarani postfix/smtpd[19546]: warning: > unknown[187.54.193.66]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:07 guarani postfix/smtpd[19552]: warning: 187.37.166.245: > hostname bb25a6f5.virtua.com.br verification failed: Name or service not > known Apr 8 16:01:07 guarani postfix/smtpd[19552]: warning: > unknown[187.37.166.245]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:07 guarani postfix/smtpd[19855]: warning: > unknown[190.96.200.96]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:08 guarani postfix/smtpd[19759]: warning: unknown[207.6.61.2]: > SASL LOGIN authentication failed: authentication failure > Apr 8 16:01:09 guarani postfix/smtpd[19788]: warning: > unknown[201.47.62.70]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:09 guarani postfix/smtpd[19666]: warning: > 2.54.80.200.host.ifxnw.com.ar[200.80.54.2]: SASL LOGIN authentication > failed: authentication failure > Apr 8 16:01:10 guarani postfix/smtpd[19504]: warning: > 201-27-98-60.dsl.telesp.net.br[201.27.98.60]: SASL LOGIN authentication > failed: authentication failure > Apr 8 16:01:11 guarani postfix/smtpd[19779]: warning: > unknown[186.22.212.114]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:11 guarani postfix/smtpd[19794]: warning: > unknown[187.106.238.185]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:13 guarani postfix/smtpd[19878]: warning: 189.7.36.151: > hostname bd072497.virtua.com.br verification failed: Name or service not > known Apr 8 16:01:14 guarani postfix/smtpd[19878]: warning: > unknown[189.7.36.151]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:15 guarani postfix/smtpd[19848]: warning: 189.73.11.174: > hostname 189-73-11-174.dsl.ctaje701.brasiltelecom.net.br verification > failed: Name or service not known > Apr 8 16:01:15 guarani postfix/smtpd[19848]: warning: > unknown[189.73.11.174]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:15 guarani postfix/smtpd[19590]: warning: 177.17.77.63: > hostname 177.17.77.63.static.host.gvt.net.br verification failed: Name or > service not known > Apr 8 16:01:16 guarani postfix/smtpd[19590]: warning: > unknown[177.17.77.63]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:17 guarani postfix/smtpd[19726]: warning: > unknown[187.112.144.243]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:17 guarani postfix/smtpd[19672]: warning: > 189.26.201.62.dynamic.adsl.gvt.net.br[189.26.201.62]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:17 guarani postfix/smtpd[19581]: warning: > unknown[200.81.216.184]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:17 guarani postfix/smtpd[19895]: warning: > unknown[189.4.135.17]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:18 guarani postfix/smtpd[19776]: warning: 187.55.52.58: > hostname 187-55-52-58.bnut3300.e.brasiltelecom.net.br verification failed: > Name or service not known > Apr 8 16:01:18 guarani postfix/smtpd[19612]: warning: > unknown[187.9.57.67]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:18 guarani postfix/smtpd[19792]: warning: > 200-203-39-136.paemt706.dsl.brasiltelecom.net.br[200.203.39.136]: SASL > LOGIN authentication failed: authentication failure > Apr 8 16:01:19 guarani postfix/smtpd[19776]: warning: > unknown[187.55.52.58]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:19 guarani postfix/smtpd[19699]: warning: > unknown[189.83.136.162]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:19 guarani postfix/smtpd[19576]: warning: > 200-207-36-208.dsl.telesp.net.br[200.207.36.208]: SASL LOGIN authentication > failed: authentication failure > Apr 8 16:01:20 guarani postfix/smtpd[19723]: warning: > pppclient-200165141161.redeveloz.com.br[200.165.141.161]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:20 guarani postfix/smtpd[19790]: warning: > 189.26.110.151.dynamic.adsl.gvt.net.br[189.26.110.151]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:21 guarani postfix/smtpd[19621]: warning: 189.106.102.149: > hostname 189106102149.user.veloxzone.com.br verification failed: Name or > service not known > Apr 8 16:01:22 guarani postfix/smtpd[19621]: warning: > unknown[189.106.102.149]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:22 guarani postfix/smtpd[19532]: warning: > unknown[190.29.172.153]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:22 guarani postfix/smtpd[19758]: warning: > unknown[200.135.64.62]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:23 guarani postfix/smtpd[19772]: warning: > unknown[187.76.11.162]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:24 guarani postfix/smtpd[19572]: warning: > 201-25-68-2.gnace701.dsl.brasiltelecom.net.br[201.25.68.2]: SASL LOGIN > authentication failed: authentication failure > Apr 8 16:01:24 guarani postfix/smtpd[19868]: warning: 190.29.31.244: > hostname static-adsl190-29-31-244.une.net.co verification failed: Name or > service not known > Apr 8 16:01:25 guarani postfix/smtpd[19868]: warning: > unknown[190.29.31.244]: SASL LOGIN authentication failed: authentication > failure > Apr 8 16:01:27 guarani postfix/smtpd[19533]: warning: > ns01.execplan.com.br[201.7.115.90]: SASL LOGIN authentication failed: > authentication failure > Apr 8 16:01:28 guarani postfix/smtpd[19861]: warning: 189-041-31-106.xd- > dynamic.ctbcnetsuper.com.br[189.41.31.106]: SASL LOGIN authentication > failed: authentication failure -- Quam minimum credula postero, carpe diem []s Bali - Alexandre Balistrieri _______________________________________________ Postfix-BR mailing list Postfix-BR@listas.softwarelivre.org http://listas.softwarelivre.org/mailman/listinfo/postfix-br
