On 11/2/2019 9:42 PM, Wietse Venema wrote:
John Schmerold:
What is the best way to protect against dictionary attacks in Postfix?
Reportedly, fail2ban (no first-hand experience, because I have no
SASL clients).
Wietse
I am using Postfix as a filter in front of O365/cpanel/Google apps, we
are seeing a few dictionary attacks, I will experiment with fail2ban.
One site (Mergy.org), recommends adding this to
/etc/fail2ban/filters.d/postfix:
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4.1.1 .*
Recipient address rejected: unverified address: unknown user:.*$
We'll see how it goes.
