That is a good tip. I see there are rate limiting parameters: http://www.postfix.org/TUNING_README.html
Original Message From: Fazzina, Angelo Sent: Wednesday, November 16, 2016 6:38 AM To: postfix-users@postfix.org Subject: RE: hacker or server problem I'm a little late to the party, but wouldn't configuring Anvil in Postfix stop this kind of stuff ? -ALF -Angelo Fazzina Operating Systems Programmer / Analyst University of Connecticut, UITS, SSG, Server Systems 860-486-9075 -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of li...@lazygranch.com Sent: Wednesday, November 16, 2016 6:00 AM To: Patrick Chemla <patrick.che...@perfaction.net>; postfix-users@postfix.org Subject: Re: hacker or server problem The full cidr is blocked in the firewall. Original Message From: Patrick Chemla Sent: Wednesday, November 16, 2016 2:48 AM To: postfix-users@postfix.org Subject: Re: hacker or server problem Le 16/11/2016 à 12:38, li...@lazygranch.com a écrit : > On Wed, 16 Nov 2016 02:26:13 -0800 > "li...@lazygranch.com" <li...@lazygranch.com> wrote: > >> On Wed, 16 Nov 2016 11:52:14 +0200 >> Patrick Chemla <patrick.che...@perfaction.net> wrote: >> >>> Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit : >>>> Is this a hack or a server problem. IP was listed in abusedb >>>> about a year ago. >>>> >>>> <pattern repeats> >>>> Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from >>>> unknown[87.236.215.11] Nov 16 09:14:36 theranch >>>> postfix/smtpd[6094]: lost connection after AUTH from >>>> unknown[87.236.215.11] Nov 16 09:14:36 theranch > <snip> > # bzgrep -e 87.236.215.11 maillog | wc -l > 212 > > Three lines per hack. Make that 70 attempts. The stats line messes up > the line count. > First entry:Nov 16 09:13:45 > Last entry: Nov 16 09:18:00 > 255 seconds > 16.5 attempts a minute > 16 Attempts per second, yes this is a hack attempt. Protect yourself immediatly, even if he will surely need some (hundred of) thousands attempts to find a password. Another problem is that he is taking your bandwith. Patrick
