Good ideas. Thanks a lot, Peter.
Things of note from the log entries above:
1/2 of the entries are from the smtp (port 25) service. This service
should be for MX communication only and should not accept
authentication. You can eliminate 1/2 of the attempts just by
disabling authentication on port 25.
All of these entries are using the LOGIN mech. Unless you have an
extremely old Outlook Express MUA (or similar) you can and should be
using the PLAIN mech. You can eliminate all of the above attacks by
removing LOGIN from the list of mechs you accept.
You can implement a policy daemon (such as postfwd) which can add limits
to help in case a password does get found. This can shut down a user
account before it gets used to send too much SPAM.
If you know that all of your users will originate in a certain country
or countries, you can use Geo-IP filtering to limit submission
connections to those countries. Note: be careful not to block port 25
connections with this, and realize that if you or your users ever intend
to do any travelling this could be problematic.
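An added example, not part of the original message: a small Python script that tallies SASL authentication failures in a Postfix log by service and mechanism, to show how many of them involve port 25 and the LOGIN mech as discussed above. The log lines are constructed, and the `postfix/submission/smtpd` tag assumes the submission service sets `syslog_name=postfix/submission` in master.cf.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). Assumption: the submission
# service logs as postfix/submission/smtpd, port 25 logs as postfix/smtpd.
SAMPLE_LOG = """\
Jan 10 03:14:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:14:09 mx postfix/submission/smtpd[2105]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:15:30 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:16:02 mx postfix/submission/smtpd[2110]: warning: host.example[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:17:45 mx postfix/submission/smtpd[2112]: warning: unknown[192.0.2.55]: SASL PLAIN authentication failed: authentication failure
Jan 10 03:18:00 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
"""

FAIL_RE = re.compile(
    r"postfix/(?P<svc>[\w/-]*smtpd)\[\d+\]: warning: "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<mech>[A-Z0-9-]+) authentication failed"
)

def parse_failures(text):
    """Yield (service, mechanism, client_ip) for each SASL failure line."""
    for line in text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            yield m["svc"], m["mech"], m["ip"]

def summarize(text):
    """Count failures on port 25, failures using LOGIN, and what is left."""
    failures = list(parse_failures(text))
    port25 = [f for f in failures if f[0] == "smtpd"]
    login = [f for f in failures if f[1] == "LOGIN"]
    # Failures that neither change would cover: submission service, non-LOGIN.
    remaining = [f for f in failures if f[0] != "smtpd" and f[1] != "LOGIN"]
    return {
        "total": len(failures),
        "port25": len(port25),
        "login": len(login),
        "remaining": len(remaining),
        "by_ip": Counter(f[2] for f in failures),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```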