|
On 9/2/19 3:23 PM, Mike wrote:
This is a general security/ports question.
Is there a way to allow incoming SMTP mail traffic but block
attempts to use SMTP AUTH (obviously as a way to probe or brute
force logins)? Are these separate ports or the same? (i.e. if I
block port 25, do I stop dovecot login attempts but also block any
inbound mail? Or are there separate ports in place?)
I'm wondering if it is possible to allow, for example, mail to
originate from a foreign IP space, but not allow that same IP
space to attempt to login via smtp auth to check for user
accounts. Obviously, I can block imap and pop3 ports, but it
looks like there are some additional ports, like 25 that may serve
dual purpose? Allowing incoming mail, but also allowing login
attempts? Is there a way to allow one and block the other?
https://github.com/GaryGapinski/fail2ban-extras/blob/master/filter.d/postfix-extra.md
has an example (a partial one) of this (using Postfix). It relies
on (not shown there) a separate submission (587/tcp) service over
TLS defined in /etc/postfix/master.cf. MUAs send (authenticated)
email via that port.
https://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
has more info.
|
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
