On 14.08.22 18:40, tog...@dinamizm.com wrote:
"Matus" == Matus UHLAR <- fantomas <uh...@fantomas.sk>> writes:
"JR" == Jaroslaw Rafa <r...@rafa.eu.org> writes:
JR> Dnia 13.08.2022 o godz. 11:22:30 Durga Prasad Malyala pisze:
Did you try fail2ban. It is very good.
JR> I already use fail2ban, but I could not use it in this case, as the AUTH
JR> attempts were from different IP addresses and almost no address did
JR> repeat. So fail2ban would not do anything.
Matus> On 13.08.22 16:23, tog...@dinamizm.com wrote:
Have you looked spamhaus or abusix for auth blacklists. They both do a
decent job in blocking auth attempts from nasty IP addresses in my case.
Matus> I have noticed this kind of attacks too with the same problem - ona IP
Matus> rarely repeats more than once.
Matus> I'm not sure if spamhaus or any other dnsbl processes this kind of
Matus> attacks quickly enough so we could stop them.
Matus> however, if anyone tries this, let us know...
I am using both spamhaus and abusix and must say I am quite happy with the
results I am getting. Yet every user is different so YMMV.
spamhaus and abusix require registration and they are free to some extent ie.
depends on the traffic generated to these services.
but which lists? using spamhaus PBL is not viable because it lists dynamic
IP address which can be commonly used by clients.
spamrats also have such a service which doesn't require registration AFAIK
I have bad historic experience with spamrats and fwom wht I remember I'm not
the only one.
for submission I have this in the smtpd_client_restrictions settings of
master.cf
reject_rbl_client auth.spamrats.com=127.0.0.39
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
