On Tue, Jun 09, 2015 at 12:54:51PM -0400, Forrest wrote:

> I recently updated my system from Sendmail to Postfix 3.0.1. Since that
> time, I've been targeted with several SASL dictionary attacks; activity I've
> not seen in this number before.

Restricting SASL to TLS might help...

    http://www.postfix.org/SASL_README.html#server_sasl_authc

    smtpd_tls_auth_only = yes

if the attacks are primarily over non-TLS connections. You might
also restrict SASL to port 587 and not enable it on port 25.

> Reading around elsewhere, I wonder if the script kiddies are looking for
> Postfix in the banner (which I've since removed), going after a presumed
> vulnerability?

The "vulnerability" in question is weak (easily guessed) passwords.
It seems unlikely that such attacks specifically target Postfix,
or that they care about the ESMTP banner.

-- 
Viktor.
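
The reply above makes smtpd_tls_auth_only conditional on the attacks arriving mainly over non-TLS connections. The following is an added example, not part of the original message, that measures this from the mail log by tracking per-smtpd-PID session state. It assumes the usual Postfix smtpd log wording and smtpd_tls_loglevel = 1 or higher so that TLS handshakes are logged; the sample log and its addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample log (documentation addresses); not taken from the thread.
SAMPLE_LOG = """\
Jun  9 12:00:01 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jun  9 12:00:02 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun  9 12:00:03 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.5]
Jun  9 12:00:04 mail postfix/smtpd[2102]: connect from unknown[198.51.100.7]
Jun  9 12:00:05 mail postfix/smtpd[2102]: Anonymous TLS connection established from unknown[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun  9 12:00:06 mail postfix/smtpd[2102]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jun  9 12:00:07 mail postfix/smtpd[2102]: disconnect from unknown[198.51.100.7]
Jun  9 12:00:08 mail postfix/smtpd[2102]: connect from unknown[203.0.113.5]
Jun  9 12:00:09 mail postfix/smtpd[2102]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun  9 12:00:10 mail postfix/smtpd[2102]: disconnect from unknown[203.0.113.5]
"""

# Also matches services with a custom syslog_name, e.g. postfix/submission/smtpd.
LINE = re.compile(r"postfix/(?:[\w-]+/)?smtpd\[(\d+)\]: (.*)")
CONNECT = re.compile(r"connect from \S+\[([^\]]+)\]")
TLS_UP = re.compile(r"\w+ TLS connection established from ")
AUTH_FAIL = re.compile(r"warning: \S+\[([^\]]+)\]: SASL (\S+) authentication failed")

def sasl_failures_by_transport(log_text):
    """Count failed SASL logins per (client IP, 'tls' | 'plaintext')."""
    tls_by_pid = {}  # smtpd PID -> has the current session negotiated TLS?
    counts = Counter()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if CONNECT.match(msg):        # new session: a reused PID starts without TLS
            tls_by_pid[pid] = False
        elif TLS_UP.match(msg):
            tls_by_pid[pid] = True
        elif (f := AUTH_FAIL.match(msg)):
            transport = "tls" if tls_by_pid.get(pid) else "plaintext"
            counts[(f.group(1), transport)] += 1
    return counts

def plaintext_share(counts):
    """Fraction of failed logins attempted on sessions without TLS."""
    total = sum(counts.values())
    plain = sum(n for (_, t), n in counts.items() if t == "plaintext")
    return plain / total if total else 0.0

if __name__ == "__main__":
    print(f"{plaintext_share(sasl_failures_by_transport(SAMPLE_LOG)):.0%} of failures were non-TLS")
```

A share near 100% means smtpd_tls_auth_only = yes would cut off most of the observed attempts; a low share means the guessing already happens inside TLS and password strength is what matters.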