Re: How to limit smtp connections

  • Miguel Angel Tormo
    Message 1 of 2 , Mar 30, 2007
      On Friday 30 March 2007 11:26, Philippe Lefevre wrote:
      > Hello all,
      >
      > Yesterday afternoon I had some tries from someone from the cnc-noc.net
      > (China) network to get into my server via smtp.
      > Is there anybody familiar with security problems who could explain this to me a bit?
      > I would like to understand the goal sought: relay, sending spam?
      > Could/should I limit the number of login tries within smtp/postfix as we
      > can do with the unix passwd?
      > Will I see some particular traces in my postfix logs if such a thing
      > happens?
      > If you know some documents on the net that may help on that subject ...
      >
      > Thank you for any help

      It seems to me a lame attempt to find passwords, maybe to use your server as a relay or in the hope of getting a shell.
      You can limit the number of errors in an smtp session. See:
      http://www.postfix.org/postconf.5.html#smtpd_hard_error_limit
      http://www.postfix.org/postconf.5.html#smtpd_soft_error_limit


      >
      > PhL
      >
      > Here a part of my log as of today :
      >
      > ************************
      >
      > Transcript of session follows.
      >
      > Out: 220 My.system.homelinux.net ESMTP Postfix
      > In: EHLO pc53
      > Out: 250-my.system.homelinux.net
      > Out: 250-PIPELINING
      > Out: 250-SIZE 10240000
      > Out: 250-VRFY
      > Out: 250-ETRN
      > Out: 250-AUTH NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5
      > Out: 250 8BITMIME
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6 <== Username:
      > In: YWRtaW4= <== admin
      > Out: 334 UGFzc3dvcmQ6 <== Password:
      > In: YWRtaW4= <== admin
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: YWRtaW4=
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: aW5mbw== <== info
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: aW5mbw==
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: cm9vdA== <== root
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: cm9vdA==
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: d2VibWFzdGVy <== webmaster
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: d2VibWFzdGVy
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: YW5vbnltb3Vz <== anonymous
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: YWRtaW4=
      > Out: 334 UGFzc3dvcmQ6
      > In: YW5vbnltb3Vz
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: YWRtaW4=
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: YWRtaW4=
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: aW5mbw==
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: aW5mbw==
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: cm9vdA==
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: cm9vdA==
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: d2VibWFzdGVy
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: d2VibWFzdGVy
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: YW5vbnltb3Vz
      > Out: 535 Error: authentication failed
      > In: AUTH LOGIN
      > Out: 334 VXNlcm5hbWU6
      > In: aW5mbw==
      > Out: 334 UGFzc3dvcmQ6
      > In: YW5vbnltb3Vz
      > Out: 535 Error: authentication failed
      > Out: 421 my.system.homelinux.net Error: too many errors
      >
      > Session aborted, reason: too many errors
      >
      >
      >
      >
      >
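
For reading a transcript like the one quoted above, here is an added example (not part of the original messages) that pairs each AUTH LOGIN exchange with its decoded username and password and counts the failures per username. The host name `mail.example.test`, the sample session and the function names are constructed for illustration; it assumes the client sends the username on its own line rather than as an initial response on the `AUTH LOGIN` line.

```python
import base64
import re
from collections import Counter

# Constructed sample in the same "In:/Out:" transcript format as the log above.
SAMPLE = """\
In: AUTH LOGIN
Out: 334 VXNlcm5hbWU6
In: YWRtaW4=
Out: 334 UGFzc3dvcmQ6
In: YWRtaW4=
Out: 535 Error: authentication failed
In: AUTH LOGIN
Out: 334 VXNlcm5hbWU6
In: aW5mbw==
Out: 334 UGFzc3dvcmQ6
In: cm9vdA==
Out: 535 Error: authentication failed
Out: 421 mail.example.test Error: too many errors
"""

# Accepts plain lines and mail-quoted ("> In: ...") lines.
LINE = re.compile(r"^[\s>]*(In|Out):\s*(.*?)\s*$")

def b64(text):
    """Decode the first token of a line; None if it is not base64 text."""
    try:
        return base64.b64decode(text.split()[0], validate=True).decode()
    except (IndexError, ValueError):
        return None

def auth_login_attempts(transcript):
    """Return [(username, password, succeeded)] for each AUTH LOGIN exchange."""
    attempts, pending, active = [], [], False
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        side, text = m.groups()
        if side == "In" and text.upper().startswith("AUTH LOGIN"):
            active, pending = True, []
        elif side == "In" and active:
            pending.append(b64(text))   # first is username, second is password
        elif side == "Out" and active and text[:3] in ("235", "535"):
            if len(pending) == 2:       # 235 = accepted, 535 = rejected
                attempts.append((pending[0], pending[1], text[:3] == "235"))
            active = False
    return attempts

def failed_usernames(transcript):
    """Count failed attempts per decoded username."""
    return Counter(u for u, _, ok in auth_login_attempts(transcript) if not ok)
```
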