On Tue, Jun 29, 2010 at 4:16 PM, Chris Davies <chris-use...@roaima.co.uk> wrote: > Alan Chandler <a...@chandlerfamily.org.uk> wrote: >> I have just moved my mail server (exim4 split config based) from one >> machine to another, and in doing so started examining the logs. I am >> being hit with multiple attempts to relay - several a second. They come >> in bursts from one host, then come from somewhere else. > >> I would like to put some for of inconvenient barrier up so perhaps they >> stop bothering me. > >> What is a good way of deterring them? > > Fail2ban is remarkably good at helping deter probes such as relay > attempts. Get it working "out of the box" and then tweak it to match > against other exim messages.
You could also look at the iptables "limit" and "recent" modules. I use those to drop the automated brute force SSH attempts. What you are seeing is also the same attack using SMTP AUTH. Regards, Didar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktinq-7slnlbooafjk-wscrufx73-xvlmzpnyw...@mail.gmail.com
