On 2016/11/27 13:15, li...@lazygranch.com wrote:
> I hate to bug the list for what is probably a dumb question, but is there any situation
> where an unauthorized user needs to connect to port 587? I'm wondering if there is some
> oddball "edge" case.
> My thought is to use my ipfw table of known trouble makers to block 587.
I wrote a little script that monitors connections and automatically does
    iptables -I input_ext -s IP -j logdrop
for any IP that connects to my port 587, port 22, etc. Obviously it
doesn't do this for whitelisted IPs.
I implemented this because I noticed a lot of bad IPs were trying AUTH
commands, presumably to try to guess passwords. The above gives them
only one try. It catches a dozen or so every day. Periodically flush
them, or coalesce them.
-Earl
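
An added example, not part of the original post and not Earl's script: one way to turn connection records into the `iptables` rules quoted above while honouring a whitelist, and to coalesce several blocked hosts into one network rule. The record format, the whitelist, the /24 prefix and the threshold of three hosts are assumptions, the sample data is constructed, and the code handles IPv4 only.

```python
import ipaddress
from collections import defaultdict

WATCHED_PORTS = {22, 587}  # ports named in the post
# Constructed whitelist (documentation address ranges).
WHITELIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.200/32")]

# Constructed sample input; "timestamp source_ip dest_port" is a hypothetical format.
SAMPLE = """\
2016-11-27T13:20:01 203.0.113.7 587
2016-11-27T13:20:05 198.51.100.3 587
2016-11-27T13:21:10 203.0.113.9 22
2016-11-27T13:21:44 203.0.113.7 587
2016-11-27T13:22:02 203.0.113.31 587
2016-11-27T13:23:00 192.0.2.50 22
2016-11-27T13:23:09 192.0.2.51 80
2016-11-27T13:24:30 192.0.2.60 587
2016-11-27T13:24:31 192.0.2.61 587
truncated line
"""

def whitelisted(net):
    return any(net.overlaps(w) for w in WHITELIST)

def offenders(text):
    """Non-whitelisted sources that touched a watched port, first-seen order, no repeats."""
    seen = []
    for line in text.splitlines():
        try:
            _, src, port = line.split()
            ip, port = ipaddress.ip_address(src), int(port)
        except ValueError:
            continue  # malformed record: ignore rather than block on garbage
        if port in WATCHED_PORTS and ip not in seen and not whitelisted(ipaddress.ip_network(src)):
            seen.append(ip)
    return seen

def coalesce(ips, prefix=24, threshold=3):
    """Replace >= threshold hosts in one /prefix with a single network rule,
    unless that network would also cover a whitelisted address."""
    groups = defaultdict(list)
    for ip in ips:
        groups[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].append(ip)
    out = []
    for net, members in groups.items():
        if len(members) >= threshold and not whitelisted(net):
            out.append(net)
        else:
            out.extend(ipaddress.ip_network(f"{m}/32") for m in members)
    return sorted(out)

def rules(nets):
    """Render rules in the form used in the post; nothing is executed here."""
    return [f"iptables -I input_ext -s {n.network_address if n.prefixlen == 32 else n} -j logdrop"
            for n in nets]
```

The three hosts in 203.0.113.0/24 stay as individual rules because that /24 also contains a whitelisted address; a coalescing step that skips this check can lock out a host the whitelist was meant to protect.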