Hiya Doug. Good to hear from you. Thanks for the reply.
We're all Windows here, so no iptables = no Fail2Ban :( And I don't see
a way of getting ASSP's ip lists >automatically< in the hardware firewalls
that we use.
The actor is attempting to sign in from at least a couple dozen IP's,
>> Summary question: is there a way to immediately ban IP's that try SMTP auth
>> on a specific port, but not on other ports? Allow SMTP auth on listenPort2,
>> but immediately ban any IP that fails SMTP auth on port 25?
I don't think that is currently an option with ASSP, but I currently do
Summary question: is there a way to immediately ban IP's that try SMTP auth
on a specific port, but not on other ports? Allow SMTP auth on
listenPort2, but immediately ban any IP that *fails* SMTP auth on port 25?
We're seeing a lot of smtp auth failures from 163 dot com from many many
many
