On 2016-03-20 16:46, Dimitar Katerinski wrote:
@lbutlr wrote:
/etc/hosts.allow:
    ALL : 185.103.253.246 : DENY

Has no effect.

hosts.allow and hosts.deny only work for programs that have been compiled with TCP wrapper support. Typically this is limited to telnet, ftp and inetd super daemon type services.


I would suggest using your firewall utility to block this at the TCP/IP level. If you are running Postfix under Linux, the following iptables command should block this IP from accessing your SMTP service on port 25:

    iptables -I INPUT -s 185.103.253.246 -p tcp --dport 25 -j DROP

As someone already suggested - have a look at fail2ban.

I second using the iptables and fail2ban approach. Once properly configured, fail2ban can monitor the postfix / dovecot logs and automatically block offending IP addresses in the firewall rules after a preset number of failed login attempts. At first, I block the offending IP address after 3 failed attempts in a 1 hour period. I then permanently block any IP address that gets blocked 3 times in a 48 hour period. I use this on several mail systems I support and it has greatly reduced the number of failed login attempts. The only downside is that, at first, my user base sometimes locked themselves out. I have whitelisted the main IP addresses my clients use. After about 6 months, the users have become better about logging in, and I haven't had a lockout complaint since.


Cheers,
Dimitar

---
Brett
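
The two-stage policy described in the reply above (3 failures in 1 hour, then a permanent block after 3 bans in 48 hours, with a whitelist), written as a fail2ban `jail.local`. This is an added example, not configuration posted in the thread. It assumes the jail names shipped in the stock `jail.conf` of recent fail2ban releases; the whitelist addresses are constructed placeholders, and the first-stage ban length is an assumption because the post does not state one.

```ini
# /etc/fail2ban/jail.local  (added example, not from the thread)

[DEFAULT]
# Never ban these sources. The non-loopback entries are constructed
# placeholders (RFC 5737 documentation ranges); replace them with the
# main addresses your own clients connect from.
ignoreip = 127.0.0.1/8 ::1 192.0.2.10 198.51.100.0/24

# Stage 1: ban after 3 failed attempts within 1 hour (3600 s).
maxretry = 3
findtime = 3600
# Assumed length of the first-stage ban; the post does not give one.
bantime  = 3600

# Failed SMTP AUTH attempts logged by Postfix.
[postfix-sasl]
enabled = true

# Failed IMAP/POP3 logins logged by Dovecot.
[dovecot]
enabled = true

# Stage 2: the recidive jail reads fail2ban's own log and counts "Ban"
# events from the other jails. 3 bans within 48 hours (172800 s) leads
# to a permanent block; a negative bantime means the ban never expires.
# dbpurgeage in fail2ban.conf has to be longer than this findtime,
# otherwise older bans are purged before they can be counted.
[recidive]
enabled  = true
maxretry = 3
findtime = 172800
bantime  = -1
```

After reloading, `fail2ban-client status recidive` lists the addresses currently held by the second stage, which is the first place to look when a legitimate user reports being locked out.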
