On 29 Jan 2014, at 15:57 , li...@rhsoft.net wrote:

> in modern setups only port 587 (submission) should be used for
> send authenticated mails and if someone can do that (we can't
> because too many client configurations out of control) someone
> could disable authentication on port 25 completely which blocks
> any dictionary attack from the first start

This is exactly what I do on my mailserver. All submissions have to come in 
over port 587 and there is no authentication at port 25.

The few people who “can’t” (or more likely won’t) use submission have to use 
the webmail, which also uses port 587 to send mail.

On the upside, I get a lot fewer attacks; on the downside, my fail2ban fills up 
a lot more slowly with IPs to block.

-- 
"A musicologist is a man who can read music but can't hear it." -  Sir
Thomas Beecham (1879 - 1961)
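
An added example, not part of the original message: a Python check that the split described above is actually in effect, by reading the EHLO reply on each port and flagging AUTH on 25 or its absence on 587. The EHLO replies are constructed samples, and the function and variable names are illustrative assumptions.

```python
import re

# Constructed EHLO replies (not captured from a real server), keyed by port.
# For 587, use the reply seen after STARTTLS: many servers only offer AUTH
# on an encrypted session.
SAMPLE_EHLO = {
    25: "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n",
    587: "250-mail.example.org\r\n250-PIPELINING\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
}
# Constructed counter-example: AUTH (legacy "AUTH=" form) still offered on 25.
MISCONFIGURED = {
    25: "250-mail.example.org\r\n250-AUTH=PLAIN LOGIN\r\n250 8BITMIME\r\n",
    587: "250-mail.example.org\r\n250 8BITMIME\r\n",
}


def auth_mechanisms(ehlo_reply):
    """Return the set of SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Each reply line is "250-KEYWORD params" or "250 KEYWORD params".
        m = re.match(r"250[- ](\S+)(.*)$", line.strip())
        if not m:
            continue
        keyword, params = m.group(1).upper(), m.group(2)
        if keyword.startswith("AUTH="):  # legacy spelling used by old clients
            keyword, params = "AUTH", keyword[5:] + params
        if keyword == "AUTH":
            mechs.update(p.upper() for p in params.split())
    return mechs


def audit(replies):
    """Check the policy from the post: no AUTH on 25, AUTH offered on 587."""
    findings = []
    for port, reply in sorted(replies.items()):
        mechs = auth_mechanisms(reply)
        if port == 25 and mechs:
            findings.append(f"port 25 still advertises AUTH {sorted(mechs)}")
        if port == 587 and not mechs:
            findings.append("port 587 advertises no AUTH; submission would fail")
    return findings


if __name__ == "__main__":
    for name, replies in (("sample", SAMPLE_EHLO), ("misconfigured", MISCONFIGURED)):
        print(name, audit(replies) or "policy holds")
```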
