On 25.04.2012 13:13, Wietse Venema wrote:
> tobi:
>> Hi list
>>
>> I have disabled SMTP-Auth on my port 25, so this port is only used to
>> receive emails for my domains but no relaying is possible. Now I have
>> bots that try to auth on port 25 by issuing
>>
>> Out: 250 DSN
>> In:  AUTH LOGIN
>> Out: 503 5.5.1 Error: authentication not enabled
>>
>> The problem is that I cannot find a unique line for this in the logs.
> Postfix does not log invalid commands. That would allow a
> denial-of-service on the maillog file.
>
>         Wietse
IMHO it's not an "invalid" command but a disabled one ;-) I agree invalid commands should not be logged, but disabled commands? So if I want to catch such bots, the only way would be to activate SMTP-Auth again and then scan for failed logs? Would it not be a solution for Postfix to log a line like "xxx.xxx.xxx.xxx sent disabled command (auth)"? Would there be a risk of DoS on the maillog too?

tobi
