I use postfix but my plan of attack is different. I only allow
authenticated logins on port 587 and block them on port 25. You have
to keep 25 open to receive mails from outside but the port now
becomes single purpose. Any legitimate relaying from the inside or
outside is done through port 587 where (for the moment) there is a
lot less hacking/probing traffic.
Nick
On 02/09/2019 21:32, Mike wrote:
At 02:57 PM 9/2/2019, you wrote:
Hi,
>Sep 1 21:44:46 hst postfix/smtpd[28571]: connect from unknown[101.89.216.243]
>Sep 1 21:44:51 hst postfix/smtpd[28571]: warning: unknown[101.89.216.243]: SASL LOGIN authentication failed: UGFje8vcmQ6
>
>What port is this being conducted on?
>
>Is this smtp port 25?
SASL is usually used on the submission port, 587.
Do you have SASL enabled on port 25? If so, it's a good idea to
only leave it enabled on port 587.
I am not sure if I do. I don't see anything in my
/etc/dovecot/dovecot.conf file relating to sasl ports (or in any
of the dovecot/conf.d/* files).
I've revised my iptables port blocking to see if blocking 587
stops the login attempts.
Anybody know what settings in Dovecot/CentOS might relate to this?
So I assume port 587 is an alternative smtp port, usually reserved
for localized traffic? Blocking it won't affect normal mail flow?
- Mike
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
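Added example, not part of the thread and not any poster's actual configuration: a Postfix layout matching the approach in the top reply, with SASL authentication off on port 25 and on only for the submission service on port 587. It assumes Dovecot provides SASL over the `private/auth` socket and that the files live in `/etc/postfix`. The `syslog_name` override makes each log line show which service an attempt hit.

```conf
# ---- /etc/postfix/main.cf (global defaults, inherited by port 25) ----
# Weak form: enabling SASL here offers AUTH on every smtpd listener,
# including port 25, so password guessing can happen there:
#   smtpd_sasl_auth_enable = yes
# Corrected form: off globally, switched on per service in master.cf.
smtpd_sasl_auth_enable = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# ---- /etc/postfix/master.cf ----
# Port 25: receives mail from outside, never offers AUTH.
smtp       inet  n       -       n       -       -       smtpd

# Port 587: authenticated relaying only, TLS required before AUTH.
submission inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

With this in place, attempts on port 587 are logged as `postfix/submission/smtpd[...]` while port 25 stays `postfix/smtpd[...]`, and `postconf -P` lists the per-service overrides that are in effect.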