> On Apr 25, 2022, at 12:07 AM, Laura Smith
> <n5d9xq3ti233xiyif...@protonmail.ch> wrote:
>
>
> ------- Original Message -------
> On Monday, April 25th, 2022 at 05:26, ミユナ <al...@coakmail.com> wrote:
>
>> do you know how to stop passwords from being brute-forced for a
>> mailserver? do you have any practical guide?
>>
>
> Simple. You've got two options:
>
> a) Use strong passwords (and if you run an automated password changing
> system, enforce strong passwords)
>
> b) Use client-certificate authentication
>
> Stuff like fail2ban is for the lazy. You should be focusing on solving the
> underlying cause of the problem, i.e. using one of the two options above.

Laura,

I’m sorry your style of sysadmin’ing considers fail2ban “lazy”.

Even if your passwords are seriously secure, it won’t stop these morons from
filling your logs with their attempts. Fail2ban or some other solution is
still reasonable.

Even if you don’t advertise ANY auth support, your logs will be filled with:

Apr 25 03:02:17 post postfix/smtpd[31238]: connect from unknown[58.243.143.38]
Apr 25 03:02:18 post postfix/smtpd[31258]: lost connection after AUTH from unknown[58.243.143.38]
Apr 25 03:02:18 post postfix/smtpd[31258]: disconnect from unknown[58.243.143.38] ehlo=2 starttls=1 auth=0/1 commands=3/4

The scripts that try this nonsense simply do not parse the SMTP greeting.

Even if fail2ban is “whack a mole”, you could also feed the data on auth
spammers to an abuse-complaint script, and do your part to make the internet a
little cleaner.

-Dan
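
An added example, not part of the original thread: a Python sketch of the per-IP counting a fail2ban-style filter or an abuse-report feed would do over the Postfix `disconnect` summaries quoted above, using the `auth=0/1` counter. The function names, the threshold, the 10-minute window and the `year` default are assumptions, and every log line beyond the three from the post is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix per-session summary. In the sample from the post, counters with no
# failures print as "ehlo=2"; a counter with failures prints as "auth=0/1".
DISCONNECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"disconnect from \S*\[(?P<ip>[^\]]+)\].*?\bauth=(?P<ok>\d+)/(?P<total>\d+)")

def failed_auth_events(lines, year=2022):
    """Yield (timestamp, ip, failures) per session that had failed AUTH."""
    for line in lines:
        m = DISCONNECT.match(line)
        if m and int(m["total"]) > int(m["ok"]):
            # Syslog timestamps carry no year; `year` is an assumption.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], int(m["total"]) - int(m["ok"])

def offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: peak failures} for IPs reaching max_failures in a window."""
    per_ip = defaultdict(list)
    for ts, ip, n in failed_auth_events(lines):
        per_ip[ip].append((ts, n))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = running = 0
        for ts, n in events:
            running += n
            while ts - events[start][0] > window:  # drop events older than window
                running -= events[start][1]
                start += 1
            if running >= max_failures:
                flagged[ip] = max(flagged.get(ip, 0), running)
    return flagged

# First three lines are from the post (re-joined); the rest are constructed.
SAMPLE = """\
Apr 25 03:02:17 post postfix/smtpd[31238]: connect from unknown[58.243.143.38]
Apr 25 03:02:18 post postfix/smtpd[31258]: lost connection after AUTH from unknown[58.243.143.38]
Apr 25 03:02:18 post postfix/smtpd[31258]: disconnect from unknown[58.243.143.38] ehlo=2 starttls=1 auth=0/1 commands=3/4
Apr 25 03:05:01 post postfix/smtpd[31300]: disconnect from unknown[203.0.113.7] ehlo=1 auth=0/2 commands=1/3
Apr 25 03:06:40 post postfix/smtpd[31301]: disconnect from unknown[203.0.113.7] ehlo=1 auth=0/2 commands=1/3
Apr 25 03:07:00 post postfix/smtpd[31302]: disconnect from mail.example.org[198.51.100.9] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
""".splitlines()

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The returned mapping can feed either a ban list or an abuse-report queue; a single failed attempt, like the one in the post, stays below the default threshold.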