On 6/20/2015 1:23 PM, Forrest wrote: > How are others handling dictionary attacks (AUTH) with Postfix. For > example: >
disable AUTH on port 25, or at least require encryption with smtpd_tls_auth_only = yes". Better to just disable it. require encryption on submission service port 587 with -o smtpd_tls_security_level=encrypt > I've heard of fail2ban, but I hesitate to further complicate > my setup. But I may need to compromise? Yes, use fail2ban to block repeat offenders. Although this does complicate your server setup, postfix does not depend on fail2ban -- if fail2ban isn't running it shouldn't affect postfix. -- Noel Jones
