On 12/11/2014 4:09 PM, wie...@porcupine.org (Wietse Venema) wrote:
> deoren:
>> I have two servers, one where AUTH _is_ enabled and this particular one
>> that is receiving the AUTH attempts where AUTH currently is not enabled.
>> It will however be reconfigured at some point in the future to allow
>> remote AUTH. Before I enable it, I was going to enhance the existing
>> fail2ban rules to counter the blatant abuse attempts and this seemed
>> like a good example to look at.
>
> If you think about compiling a list of bad IP addresses, that list
> is obsolete very soon. These "attacks" come through hacked machines
> that are constantly replaced by new hacked machines when the old
> hacked machines are cleaned up.

I was thinking of something more dynamic. Instead of perma-banning IPs it would be for a window of time with a goal to just keep them away long enough to make bothering with my box more time consuming for remote offenders than it's worth. It's the idea anyway.

> Adding code to Postfix to only log the specific 5xx response that
> you are interested in, and none of the other responses, that makes
> no sense to me.

No, I wouldn't ask for you or the other devs to do that. I agree, asking for something that specific while ignoring the range of other response codes sounds more like a one-off testing branch or debug attempt.

I was hoping there was a way to achieve this with existing functionality and it was another case of ignorance on my part of how to do so. If I were to request a new feature I would try to step back and perceive how the feature could be fine-tuned or specific enough to be useful to a broad group of people.

For example, if it's not possible to log response codes (assuming I'm using the right terminology here: "503 5.5.1"), I would ask for a logging feature to append or prepend response codes (of a certain class or range) to log messages.

Thanks for your feedback!

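As an added example, not code from this thread, from Postfix or from fail2ban: the time-windowed ban idea from the message above, applied to log lines that carry a 5xx response code. It borrows fail2ban's jail vocabulary (findtime, maxretry, bantime) for its parameters. The sample log lines and their `reject: AUTH from name[ip]: 503 5.5.1 ...` layout are constructed for the example; what Postfix actually logs for an AUTH attempt while AUTH is disabled depends on version and configuration, so the regex is an assumption to be adjusted to real log output. The syslog year is likewise assumed (2014, the thread's date) because syslog timestamps carry none.

```python
"""Sliding-window ban tracker for Postfix 5xx responses (added example).

Parameters mirror fail2ban's findtime / maxretry / bantime. The log format
matched below is an assumption for this example, not real Postfix output.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: syslog prefix, then "...: <kind> from <name>[<ip>]: <code> <enhanced-code> ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r".*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: (?P<code>5\d{2} 5\.\d\.\d)\b"
)

# Constructed sample log; not captured from a real server.
SAMPLE_LOG = """\
Dec 11 16:09:50 mx postfix/smtpd[2231]: connect from unknown[192.0.2.10]
Dec 11 16:10:01 mx postfix/smtpd[2231]: reject: AUTH from unknown[192.0.2.10]: 503 5.5.1 Error: authentication not enabled
Dec 11 16:10:03 mx postfix/smtpd[2231]: reject: AUTH from unknown[192.0.2.10]: 503 5.5.1 Error: authentication not enabled
Dec 11 16:10:05 mx postfix/smtpd[2231]: reject: AUTH from unknown[192.0.2.10]: 503 5.5.1 Error: authentication not enabled
Dec 11 16:10:06 mx postfix/smtpd[2231]: reject: AUTH from unknown[192.0.2.10]: 503 5.5.1 Error: authentication not enabled
Dec 11 16:12:00 mx postfix/smtpd[2240]: reject: AUTH from unknown[198.51.100.7]: 503 5.5.1 Error: authentication not enabled
Dec 11 16:30:00 mx postfix/smtpd[2251]: reject: AUTH from unknown[198.51.100.7]: 503 5.5.1 Error: authentication not enabled
Dec 11 16:31:00 mx postfix/smtpd[2252]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <spam@example.net>: Relay access denied
""".splitlines()


def parse_line(line, year=2014):
    """Return (timestamp, client_ip, response_code) for a matching line, else None.

    The year is assumed because syslog timestamps do not include one.
    """
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["code"]


class BanTracker:
    """Count offending responses per IP inside a sliding window; ban for a fixed time."""

    def __init__(self, findtime=600, maxretry=3, bantime=3600, codes=("503 5.5.1",)):
        self.findtime = timedelta(seconds=findtime)  # window in which hits are counted
        self.maxretry = maxretry                      # hits inside the window that trigger a ban
        self.bantime = timedelta(seconds=bantime)     # how long a ban lasts
        self.codes = set(codes)                       # response codes that count as offences
        self.hits = defaultdict(deque)                # ip -> timestamps still inside the window
        self.bans = {}                                # ip -> ban expiry

    def is_banned(self, ip, now):
        """True while a ban is active; expired bans are dropped on the way out."""
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[ip]
            return False
        return True

    def observe(self, ts, ip, code):
        """Record one response; return True only when this event triggers a new ban."""
        if code not in self.codes or self.is_banned(ip, ts):
            return False
        window = self.hits[ip]
        window.append(ts)
        while window and ts - window[0] > self.findtime:
            window.popleft()  # forget hits older than findtime
        if len(window) >= self.maxretry:
            self.bans[ip] = ts + self.bantime
            window.clear()
            return True
        return False


def process_log(lines, tracker):
    """Feed log lines through the tracker; return [(ip, ban_expiry)] for bans issued."""
    issued = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, code = parsed
        if tracker.observe(ts, ip, code):
            issued.append((ip, tracker.bans[ip]))
    return issued


if __name__ == "__main__":
    for ip, until in process_log(SAMPLE_LOG, BanTracker()):
        print(f"ban {ip} until {until.isoformat()}")
```

With the defaults, 192.0.2.10 is banned on its third hit inside ten minutes and its fourth hit is ignored while the ban lasts; 198.51.100.7's two hits are eighteen minutes apart, so the first has left the window by the time the second arrives and no ban is issued; the 554 relay rejection is parsed but does not count because only the configured codes are offences. A real deployment would hand the issued bans to the firewall and unban on expiry, which is exactly what fail2ban's action scripts do.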