
Re: question re. sasl authentication - thanks and follow-up (lockouts?)

  • Robert Schetterer
    Message 1 of 7 , Mar 3, 2013
      Am 03.03.2013 13:52, schrieb Miles Fidelman:
      > Folks,
      >
      > Thanks for your replies re. sasl authentication. In thinking about
      > things, and looking at all the attacks on our mailer (repeated attempts
      > to authenticate and send email), it occurs to me:
      >
      > Does the postfix smtpd provide any mechanisms for locking out
      > IP/username combinations that repeatedly fail authentication - in the
      > same way that human login can get locked out after n failed
      > authentication attempts? Seems like this might be a good countermeasure
      > for brute force password guessing attacks against smtpd.
      >
      > Thanks,
      >
      > Miles Fidelman
      >

      you may use fail2ban with postfix sasl rules against brute force


      Best Regards
      MfG Robert Schetterer

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Joerg Heidrich
    • Miles Fidelman
      Message 2 of 7 , Mar 3, 2013
        Robert Schetterer wrote:
        > Am 03.03.2013 13:52, schrieb Miles Fidelman:
        >> Folks,
        >>
        >> Thanks for your replies re. sasl authentication. In thinking about
        >> things, and looking at all the attacks on our mailer (repeated attempts
        >> to authenticate and send email), it occurs to me:
        >>
        >> Does the postfix smtpd provide any mechanisms for locking out
        >> IP/username combinations that repeatedly fail authentication - in the
        >> same way that human login can get locked out after n failed
        >> authentication attempts? Seems like this might be a good countermeasure
        >> for brute force password guessing attacks against smtpd.
        >>
        >> Thanks,
        >>
        >> Miles Fidelman
        >>
        > you may use fail2ban with postfix sasl rules against brute force
        thanks!

        --
        In theory, there is no difference between theory and practice.
        In practice, there is. .... Yogi Berra
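The lockout discussed in this thread, sketched as an added example (not code from the thread or from fail2ban itself): it counts Postfix smtpd SASL failures per client IP in a sliding window and reports which IPs cross the threshold. The parameter names `maxretry` and `findtime` mirror fail2ban's option names; the log lines are constructed samples using documentation IP ranges, and counting is per IP only because these lines carry no username.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Postfix smtpd's syslog format (documentation IPs).
SAMPLE_LOG = """\
Mar  3 13:50:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar  3 13:50:04 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar  3 13:50:09 mail postfix/smtpd[2107]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Mar  3 13:50:11 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar  3 13:51:30 mail postfix/smtpd[2110]: connect from unknown[192.0.2.44]
Mar  3 14:20:00 mail postfix/smtpd[2140]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Mar  3 14:45:00 mail postfix/smtpd[2150]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
"""

# Matches only smtpd SASL failure warnings; captures timestamp and client IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

def ips_to_ban(log_text, maxretry=3, findtime=600, year=2013):
    """Return IPs with >= maxretry SASL failures inside any findtime-second window.

    Syslog timestamps have no year, so one is assumed (constructed default).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = []                   # ordered by the moment each IP crossed the limit
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins, connects, other daemons
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG))
```

With the default ten-minute window only the rapid-fire client is reported; the slow guesser at 198.51.100.7 is caught only when `findtime` is widened, which is the trade-off to weigh when tuning these two values.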