Loading ...
Sorry, an error occurred while loading the content.
 

Re: Logging of users trying auth on auth-disabled port?

Expand Messages
  • Wietse Venema
    ... I agree. When a client makes many connections without delivering mail, then that is a sign that the client is not legitimate. Just don t set the threshold
    Message 1 of 7 , Apr 26, 2012
      Eliezer Croitoru:
      > On 25/04/2012 22:37, tobi wrote:
      > > On 25.04.2012 17:31, Wietse Venema wrote:
      > >> Logging every command is a great way to spam the logfile with random
      > >> junk.
      > >
      > > Maybe my subject was misleading. I do not need the content of the
      > > command. I would just like to find a way to get a line like "from
      > > xxx.xxx.xxx.xxx Error: authentication not enabled" in the logs. Thats
      > > the same message a client receives during smtp-talk if it tries auth
      > > login on auth disabled port.
      > > If there really is no way then I will activate auth again and scan the
      > > logs for brute force on logins. I want the ips of those bastards who
      > > always try auth logins ;-)
      > >
      > > tobi
      > in any case you should get the "postfix/smtpd[***]: connect from...IP"
      > in a case a connection is initiated from any host to your server.

      I agree. When a client makes many connections without delivering
      mail, then that is a sign that the client is not legitimate.
      Just don't set the threshold too low.

      Wietse
    Your message has been successfully submitted and would be delivered to recipients shortly.