On Tue, 21 Sep 2021, Michael Peddemors wrote:

Use RATS-AUTH to block auth attacks, from known dedicated IP(s) ;)

I've tried this, so far it has blocked 7 of 4933 AUTH attempts since I began using it.

Block AUTH from Amazon/Gcloud/Azure by default

Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., perhaps especially those that are "too easy" for spammers and miscreants to get a machine going on? I can understand this sentiment but be aware it might block your more advanced users, e.g., those hosting a VPN or mail archive there or a service that does.

but the MOST IMPORTANT THING!!

Stop allowing unencrypted AUTH, e.g. port 110, 143, 25.

#didyouknow that by turning off unencrypted AUTH you can reduce compromised accounts by as much as 90%?

I've seen attempts try clear even though authentication isn't offered w/o TLS, but also explicit-TLS and implicit-TLS so yes some of them would be blocked and that's good, just don't anybody expect a silver bullet. Lately I've closed all but 25 which cannot AUTH -- they still, blindly, try -- and only open the other ports upon port knocking and locally which a VPN can reach.


/mark
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
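
One way to check for the unencrypted AUTH exposure discussed in this thread, as an added example (not code from either poster): it parses the pre-TLS capability responses of SMTP (25), IMAP (143) and POP3 (110) and reports whether authentication is offered before STARTTLS/STLS. The sample responses and the hostname are constructed, and the function names are this example's own.

```python
"""Audit pre-TLS capability responses for authentication offered in the clear."""

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    ("smtp", 25): "250-mx.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n"
                  "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
    ("imap", 143): "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK done\r\n",
    ("pop3", 110): "+OK\r\nUSER\r\nSASL PLAIN\r\nSTLS\r\n.\r\n",
}

def _smtp(lines):
    # EHLO reply: "250-KEYWORD params"; the first line is only the greeting.
    # Legacy "AUTH=PLAIN LOGIN" is normalised to "AUTH PLAIN LOGIN".
    kws = [l[4:].upper().replace("=", " ").split() for l in lines[1:] if l[:3] == "250"]
    kws = [k for k in kws if k]
    auth = [" ".join(k) for k in kws if k[0] == "AUTH"]
    return auth, any(k[0] == "STARTTLS" for k in kws)

def _imap(lines):
    caps = []
    for l in lines:
        tok = l.upper().split()
        if tok[:2] == ["*", "CAPABILITY"]:
            caps = tok[2:]
    if not caps:
        raise ValueError("no CAPABILITY line in response")
    auth = [c for c in caps if c.startswith("AUTH=")]
    # RFC 3501: the plain LOGIN command is usable unless LOGINDISABLED is listed.
    if "LOGINDISABLED" not in caps:
        auth.append("LOGIN")
    return auth, "STARTTLS" in caps

def _pop3(lines):
    # CAPA reply (RFC 2449): status line, one capability per line, then ".".
    caps = [l.upper().split() for l in lines[1:] if l.strip() and l != "."]
    auth = [" ".join(c) for c in caps if c[0] in ("USER", "SASL")]
    return auth, any(c[0] == "STLS" for c in caps)

PARSERS = {"smtp": _smtp, "imap": _imap, "pop3": _pop3}

def audit(proto, response):
    """Return which auth methods a server advertises before TLS is negotiated."""
    auth, tls = PARSERS[proto](response.splitlines())
    return {"cleartext_auth": auth, "starttls": tls, "ok": not auth}

if __name__ == "__main__":
    for (proto, port), resp in SAMPLES.items():
        r = audit(proto, resp)
        verdict = "OK" if r["ok"] else "AUTH offered pre-TLS: " + ", ".join(r["cleartext_auth"])
        print(f"{proto}/{port}: starttls={r['starttls']} {verdict}")
```

As the reply above notes, clients may still blindly attempt AUTH when it is not advertised, so a clean result here says what the server offers, not what it will be sent.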
