John Schmerold:
What is the best way to protect against dictionary attacks in Postfix?

Wietse Venema:
Reportedly, fail2ban (no first-hand experience, because I have no
SASL clients).

On 03 Nov 2019, at 06:06, Wietse Venema <wie...@porcupine.org> wrote:
Also, Postfix can rate-limit auth commands, on the assumption that
good users don't make lots of repeated login attempts.

        Wietse

http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit

smtpd_client_auth_rate_limit (default: 0)
   The maximal number of AUTH commands that any client is allowed
   to send to this service per time unit, regardless of whether
   or not Postfix actually accepts those commands. The time unit
   is specified with the anvil_rate_time_unit configuration
   parameter.

On 03.11.19 06:39, @lbutlr wrote:
That defaults to 60s so setting this to 3 would rate limit to three attempts 
per minute. That’s good to know.

That might be useful, though I am not sure I am seeing very fast auth attempts.

unfortunately, I do, multiple auth attempts from the same host to the same
user, quick estimate says even 7 per minute. Apparently some clients don't
keep smtp connections open in the background, so we must be very careful
here.

Still, it certainly can’t hurt.

I'm afraid it won't even help much - seems that dictionary attacks work much
slower.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
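The two patterns discussed in this thread (a legitimate client hammering one account, versus a slow dictionary run spread over many usernames) can be told apart from the SASL failure lines Postfix logs. The script below is an added example, not code from the thread or from Postfix; it assumes the log line format with a trailing `sasl_username=` field and uses constructed sample lines with documentation-range IPs. It reports, per client, whether `smtpd_client_auth_rate_limit` with the 60s default `anvil_rate_time_unit` would fire at all, which is the question Matus raises.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Postfix SASL failure log lines (the trailing
# "sasl_username=" field is assumed, as in recent Postfix releases).
# 192.0.2.10: one user, 7 failures inside a minute (a misbehaving mail client).
# 198.51.100.7: six different users, one try every two minutes (slow dictionary run).
SAMPLE_LOG = "\n".join(
    [f"Nov  3 06:00:{s:02d} mx postfix/smtpd[111]: warning: unknown[192.0.2.10]: "
     f"SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=alice@example.org"
     for s in (1, 9, 17, 25, 33, 41, 49)]
    + [f"Nov  3 06:{2 * i:02d}:30 mx postfix/smtpd[222]: warning: unknown[198.51.100.7]: "
       f"SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username={u}@example.org"
       for i, u in enumerate(["admin", "info", "sales", "test", "postmaster", "alice"])]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed: \S+, sasl_username=(?P<user>\S+)$"
)

def parse_failures(log_text):
    """Return {client_ip: [(timestamp, username), ...]} for SASL auth failures."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog lines carry no year
            per_client[m["ip"]].append((ts, m["user"]))
    return per_client

def peak_per_unit(timestamps, unit_seconds):
    """Max failures inside any unit_seconds window. Sliding window, whereas anvil
    counts per fixed time unit, so this is an upper bound on anvil's counter."""
    ts = sorted(timestamps)
    peak, start = 0, 0
    for end in range(len(ts)):
        while ts[end] - ts[start] >= timedelta(seconds=unit_seconds):
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def analyse(log_text, rate_limit=3, unit_seconds=60):
    """Per client: would smtpd_client_auth_rate_limit fire, and does the failure
    pattern look like a dictionary attack (several usernames, below the limit)?"""
    report = {}
    for ip, events in parse_failures(log_text).items():
        peak = peak_per_unit([t for t, _ in events], unit_seconds)
        users = {u for _, u in events}
        report[ip] = {"failures": len(events), "distinct_users": len(users),
                      "peak_per_unit": peak, "rate_limited": peak > rate_limit,
                      "dictionary_like": len(users) >= 3 and peak <= rate_limit}
    return report
```

Run against real mail logs, the `dictionary_like` clients are the ones a rate limit alone misses and a per-client failure counter such as fail2ban's has to catch.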
