View Single Post
  #1  
Old 19th March 2012, 00:16
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
Default Way to automatically block SASL LOGIN attacks?

Is there an automatic way to use the firewall or some other way to add ip's like this to iptables?

I'm using fail2ban.

Mar 19 00:11:33 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:33 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:33 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:33 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:35 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:35 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:35 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:35 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:37 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:37 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:37 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:38 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:39 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:39 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:39 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:40 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:41 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:41 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:41 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:42 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:43 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:43 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:43 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:44 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:45 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:46 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:46 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Mar 19 00:11:46 server3 postfix/smtpd[1002]: connect from unknown[183.7.92.44]
Mar 19 00:11:47 server3 postfix/smtpd[1002]: warning: unknown[183.7.92.44]: SASL LOGIN authentication failed: authentication failure
Mar 19 00:11:48 server3 postfix/smtpd[1002]: lost connection after AUTH from unknown[183.7.92.44]
Mar 19 00:11:48 server3 postfix/smtpd[1002]: disconnect from unknown[183.7.92.44]
Reply With Quote
Sponsored Links