On Sat, Jun 20, 2015 at 02:23:59PM -0400, Forrest wrote:
> How are others handling dictionary attacks (AUTH) with Postfix. For
> example:
Disable SASL auth on port 25. On port 587 require TLS before AUTH.
> I've limited the number of connections, and I suppose I could just ignore
> these as they don't succeed. I'm not sure it would be appropriate at the
> Postfix level to have something that rejects from that IP for X days, as
> that would be sorta outside the realm of MTA. I've heard of fail2ban, but
> I hesitate to further complicate my setup. But I may need to compromise?
If the same IP address keeps coming back and trying more passwords,
consider fail2ban. If it is a different address each time, not
much you can do, other than use strong passwords.
--
Viktor.
