On 6/9/15 1:02 PM, Viktor Dukhovni wrote:
> On Tue, Jun 09, 2015 at 12:54:51PM -0400, Forrest wrote:
>> I recently updated my system from Sendmail to Postfix 3.0.1. Since that
>> time, I've been targeted with several SASL dictionary attacks; activity I've
>> not seen in this number before.
>
> Restricting SASL to TLS might help...
>
> http://www.postfix.org/SASL_README.html#server_sasl_authc
>
>     smtpd_tls_auth_only = yes
>
> if the attacks are primarily over non-TLS connections. You might
> also restrict SASL to port 587 and not enable it on port 25.

Thank you. I will eventually get the grasp of Postfix (this is how we
learn).
I put that setting in.
The logs only show entries like:
postfix/smtpd[12345]: warning: unknown[212.156.86.90]: SASL LOGIN
authentication failed: authentication failure
so I presume that's port 25, as I have submission running as another
configuration in master.cf.
Thanks.
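
Added example, not part of the original thread: a small Python tally of the SASL failure warnings quoted above, grouped by client IP and by the syslog tag of the logging service. It assumes the tag differs between port 25 and submission only when `syslog_name` is set for the submission service in master.cf; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Matches Postfix smtpd warnings of the form quoted in the message above.
# The tag before "/smtpd[pid]" is "postfix" by default; it only differs per
# service if syslog_name is set for that service in master.cf (assumption).
FAIL_RE = re.compile(
    r"(?P<tag>postfix(?:/[\w-]+)*)/smtpd\[\d+\]: warning: "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"SASL (?P<mech>[\w-]+) authentication failed"
)

def sasl_failures(lines):
    """Return (per-IP Counter, per-(tag, mechanism) Counter) of SASL failures."""
    by_ip, by_service = Counter(), Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # connects, disconnects and other warnings are ignored
        by_ip[m["ip"]] += 1
        by_service[(m["tag"], m["mech"])] += 1
    return by_ip, by_service

def offenders(by_ip, threshold=3):
    """Client IPs with at least `threshold` failures, most active first."""
    return [(ip, n) for ip, n in by_ip.most_common() if n >= threshold]

# Constructed sample log lines (documentation-range addresses, not real data).
_FAIL = "authentication failed: authentication failure"
SAMPLE = [
    f"Jun  9 13:10:01 mail postfix/smtpd[12345]: warning: unknown[203.0.113.7]: SASL LOGIN {_FAIL}",
    f"Jun  9 13:10:03 mail postfix/smtpd[12345]: warning: unknown[203.0.113.7]: SASL LOGIN {_FAIL}",
    "Jun  9 13:10:04 mail postfix/smtpd[12345]: connect from unknown[203.0.113.7]",
    f"Jun  9 13:10:05 mail postfix/smtpd[12345]: warning: unknown[203.0.113.7]: SASL LOGIN {_FAIL}",
    f"Jun  9 13:10:06 mail postfix/submission/smtpd[12350]: warning: unknown[198.51.100.20]: SASL PLAIN {_FAIL}",
    f"Jun  9 13:10:09 mail postfix/smtpd[12346]: warning: host.example[2001:db8::5]: SASL LOGIN {_FAIL}",
]

if __name__ == "__main__":
    by_ip, by_service = sasl_failures(SAMPLE)
    for (tag, mech), n in by_service.most_common():
        print(f"{n:4d}  {tag}  {mech}")
    for ip, n in offenders(by_ip):
        print(f"repeat offender: {ip} ({n} failures)")
```

If every failure is tagged plain `postfix`, the log alone does not say which port was hit unless the submission entry logs under its own `syslog_name`.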