I recently updated my system from Sendmail to Postfix 3.0.1. Since that
time, I've been targeted with several SASL dictionary attacks, activity
I've not seen in this number before.
Reading around elsewhere, I wonder if the script kiddies are looking for
Postfix in the banner (which I've since removed), going after a presumed
vulnerability?
I've seen items like Fail2Ban and so forth. I don't know that it would
be appropriate for Postfix to temporarily ban IPs or throttle these
types of failures. There may be some settings I've not yet become
aware of that I could tweak to either discourage this or make it very
difficult.
Thanks.
- SASL AUTH dictionary attacks Forrest