On 28 Nov 2016, at 13:47, li...@lazygranch.com wrote:
> On Mon, 28 Nov 2016 09:01:41 -0500
> btb <b...@bitrate.net> wrote:
>> On 2016.11.27 20.43, li...@lazygranch.com wrote:
>>> I should have mentioned the mail system is on a VPS and I'm the only
>>> user. And yes, troublemakers are on the Internet.
>> well, this simplifies things quite a bit, of course.
>>> What led me to this was I did bzgrep "max auth" and noticed both
>>> smtp and submission were found.
>> i hope you're not offering smtp auth on port 25.
> Well I think I am based on this anvil entry. What option of postconf
> would show this?

smtpd_sasl_auth_enable
Typical systems offering both SMTP (25) and initial message submission
(587) should not have that set to 'yes' in main.cf and have a master.cf
entry something like this:
submission inet n - n - - smtpd
  -o syslog_name=postfix/submit
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

> maillog.3.bz2:Nov 28 09:39:37 theranch postfix/anvil[75111]:
> statistics: max auth rate 20/60s for (smtp:41.216.208.250) at Nov 28
> 09:36:16

Authentication brute-force bots don't care whether you support SMTP
AUTH, they try it anyway.

> Regarding 587 and the firewall, one blocked thus far. Better than
> nothing I suppose.
> security.0.bz2:Nov 28 04:06:55 theranch kernel: ipfw: 565 Deny TCP
> 163.172.238.45:45853 107.170.248.198:587 in via vtnet0

<snip>
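
The reply's point, that AUTH is governed by smtpd_sasl_auth_enable in main.cf and overridden per service with -o in master.cf, can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of Postfix; the sample configuration is constructed, the function names are hypothetical, and only the "-o name=value" override form is handled.

```python
import shlex

# Constructed sample configuration (not taken from any real host).
MAIN_CF = {"smtpd_sasl_auth_enable": "no"}
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submit
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
pickup     unix  n  -  n  60 1  pickup
"""

def logical_lines(text):
    """Join master.cf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def auth_by_service(master_text, main_cf):
    """Map each smtpd service to its effective smtpd_sasl_auth_enable."""
    default = main_cf.get("smtpd_sasl_auth_enable", "no")  # Postfix default is "no"
    result = {}
    for line in logical_lines(master_text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue  # only smtpd listeners can offer SMTP AUTH
        value, args = default, fields[8:]
        for i, arg in enumerate(args):
            # A per-service override appears as "-o name=value"
            if arg == "-o" and i + 1 < len(args):
                name, _, val = args[i + 1].partition("=")
                if name == "smtpd_sasl_auth_enable":
                    value = val
        result[f"{fields[0]}/{fields[1]}"] = value
    return result

if __name__ == "__main__":
    for service, value in auth_by_service(MASTER_CF, MAIN_CF).items():
        print(f"{service}: smtpd_sasl_auth_enable={value}")
```

On a live system the main.cf value comes from running postconf smtpd_sasl_auth_enable, as the reply says.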