Re: How to detect AUTH before STARTTLS?

2014-07-29 Thread wegge
On 2014-07-29 22:17, wie...@porcupine.org wrote: Anders Wegge Keller: My analysis is that the remote system is making a dictionary attack, to try and see if it's possible to relay mail through my server that way. Unfortunately (for the spammer), postfix is configured with smtpd_tls_auth

How to detect AUTH before STARTTLS?

2014-07-29 Thread Anders Wegge Keller
large, so I would like to have a sure-fire trigger in the log that I can use to put an iptables block in place with fail2ban. So my question is: Is it possible to get a log entry for remote systems that try to do AUTH without having issued STARTTLS first? -- //Wegge