John Fawcett:
> I use fail2ban in order to block some types of apparently malicious
> connections to postfix when the clients keep retrying. For example the
As you agree, logging every failed command would not be safe by default. On the other hand, logging the command name (even without parameters) for every [45]XX response could be tricky. Adding IF statements all over the code is undesirable, so this would require a structural change to the command reader and responder.

What about a one-line change, such that the SMTP server logs the existing per-session error counter when the connection is closed? This counter is reset upon successful completion of a (MAIL, RCPT, DATA, end-of-data) sequence. This should be sufficient to expose clients that hammer your server with unimplemented AUTH commands.

Wietse
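As an added illustration (not code from this thread or from Postfix), here is the kind of fail2ban-style evaluation that the proposed counter would make possible. It assumes a hypothetical log line shape in which the smtpd "disconnect from" record carries an errors=N field (the per-session error counter logged at connection close); the log lines below are constructed for the example, and the maxretry/findtime semantics mirror fail2ban's: a session with at least min_errors errors counts as one failure, and an address with maxretry failures inside findtime is flagged.

```python
"""Flag SMTP clients whose sessions keep ending with command errors.

Assumed input (hypothetical): Postfix smtpd "disconnect from" lines
extended with an errors=N field, i.e. the per-session error counter
written out when the connection closes.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the assumed line shape; connect lines and other daemons are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"disconnect from \S+\[(?P<ip>[0-9a-fA-F.:]+)\].*?\berrors=(?P<errors>\d+)\b"
)

# Constructed sample log (not real traffic): one client retries with
# errors on every session, one is clean, one errs only occasionally.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[1201]: disconnect from unknown[192.0.2.10] errors=4
Mar  3 10:00:05 mx postfix/smtpd[1202]: disconnect from mail.example.org[198.51.100.7] errors=0
Mar  3 10:00:09 mx postfix/smtpd[1203]: disconnect from unknown[192.0.2.10] errors=5
Mar  3 10:00:20 mx postfix/smtpd[1204]: connect from unknown[192.0.2.10]
Mar  3 10:00:21 mx postfix/smtpd[1204]: disconnect from unknown[192.0.2.10] errors=3
Mar  3 10:05:00 mx postfix/smtpd[1205]: disconnect from unknown[203.0.113.9] errors=2
Mar  3 10:30:00 mx postfix/smtpd[1206]: disconnect from unknown[203.0.113.9] errors=2
"""


def parse_disconnects(log_text, year=1900):
    """Yield (timestamp, client_ip, error_count) for each matching line.

    Syslog timestamps carry no year, so one is supplied by the caller;
    only differences between timestamps matter here.
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        yield ts, m["ip"], int(m["errors"])


def find_abusers(log_text, min_errors=1, maxretry=3,
                 findtime=timedelta(minutes=10)):
    """fail2ban-style sliding window over per-session error counts.

    A session with >= min_errors errors is one failure; an IP reaching
    maxretry failures within findtime is flagged.  Returns
    {ip: timestamp at which the threshold was first reached}.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for ts, ip, errors in parse_disconnects(log_text):
        if errors < min_errors:
            continue              # clean session, no failure recorded
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_abusers(SAMPLE_LOG).items():
        print(f"{ip} reached threshold at {when:%b %d %H:%M:%S}")
```

With the defaults, only 192.0.2.10 is flagged: it produced three error-laden sessions within twenty seconds, while 198.51.100.7's session had no errors and 203.0.113.9's two sessions are 25 minutes apart. Because the counter is reset after each completed transaction, a legitimate client that occasionally mistypes a command but then delivers mail will not accumulate failures the way a client hammering AUTH does.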