Eliezer Croitoru:
> On 25/04/2012 22:37, tobi wrote:
> > On 25.04.2012 17:31, Wietse Venema wrote:
> >> Logging every command is a great way to spam the logfile with random
> >> junk.
> >
> > Maybe my subject was misleading. I do not need the content of the
> > command. I would just like to find a way to get a line like "from
> > xxx.xxx.xxx.xxx Error: authentication not enabled" in the logs. Thats
> > the same message a client receives during smtp-talk if it tries auth
> > login on auth disabled port.
> > If there really is no way then I will activate auth again and scan the
> > logs for brute force on logins. I want the ips of those bastards who
> > always try auth logins ;-)
> >
> > tobi
> in any case you should get the "postfix/smtpd[***]: connect from...IP"
> in a case a connection is initiated from any host to your server.
I agree. When a client makes many connections without delivering
mail, then that is a sign that the client is not legitimate.
Just don't set the threshold too low.
Wietse
