Benny Pedersen:
> Daniel Miller skrev den 2019-09-20 23:12:
>
> > I'm seeing some higher levels of attempted logins from various
> > sources. Are there any automated filters that are suggested? Or do I
> > simply add a check_client_a_access and reference a manually maintained
> > blacklist?
>
> grep 'after AUTH' maillog
>
> make this list as check client access on custommer ports, not port 25
>
> i block big abusers with static firewalling
>
> just not port 25
>
> i see after AUTH on port 25, unsure what to do ?
>
> maybe postscreen can do samme with that as pregreet ?
Postscreen does not inspect every connection. That is a feature,
not a bug. It's perfectly OK to fail2ban a client that makes too
many mistakes while talking to an smtpd process.
Wietse
