Benny Pedersen: > Daniel Miller skrev den 2019-09-20 23:12: > > > I'm seeing some higher levels of attempted logins from various > > sources. Are there any automated filters that are suggested? Or do I > > simply add a check_client_a_access and reference a manually maintained > > blacklist? > > grep 'after AUTH' maillog > > make this list as check client access on custommer ports, not port 25 > > i block big abusers with static firewalling > > just not port 25 > > i see after AUTH on port 25, unsure what to do ? > > maybe postscreen can do samme with that as pregreet ?
Postscreen does not inspect every connection. That is a feature, not a bug. It's perfectly OK to fail2ban a client that makes too many mistakes while talking to an smtpd process. Wietse