Am 13.09.2023 um 02:54 schrieb DL Neil via Postfix-users:
Have been updating the .cf files (mostly ciphers, but also...)
Our old friend "UGFzc3dvcmQ6" is back.
(previously bounced-off without appearing in daily pflogsumm)
Grrr!
...
unknown[146.247.146.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
14-0-135-011.static.pccw-hkt.com[14.0.135.11]: SASL LOGIN authentication
failed: UGFzc3dvcmQ6
...
What is the setting to get rid of these dozens of false-attempts from
diverse IPaddresses, please?
(had a search through most-recent archives, but no joy)
- yes, could roll-back the versioning, but am unclear which clause is
THE one!
as an idea
https://www.sys4.de/blog/abwehr-des-botnets-pushdo-cutwail-ehlo-ylmf-pc-mit-iptables-string-recent-smtp/
fail2ban may work also
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
