
Re: Option to log clients that execute invalid commands or disconnect with no email delivery

  • John Fawcett
    Message 1 of 12, Jun 30, 2013
      On 01/07/13 04:30, Stan Hoeppner wrote:
      > On 6/28/2013 12:31 PM, John Fawcett wrote:
      >
      >> One type of connection which I cannot block in fail2ban are clients that
      >> try the AUTH command on port 25, where I have disabled it. I got 245
      >> connections this morning in the space of 5 minutes and those are the
      >> ones that got through despite the connection concurrency limit being hit
      >> 277 times.
      >
      > Anvil did its job preventing a DOS condition on smtpd. Even if these
      > had progressed far enough to be rejected they'd still have not put
      > significant load on the server.
      >
      > Thus the sum total negative impact of this attack on my MX is a bloated
      > log. For me, personally, it's not worth the hassle to implement
      > fail2ban simply to keep the log tidy.
      >
      > In your case John are you suffering anything more than a bloated log?
      > Is one extra connect/second causing problems?
      >

      I installed fail2ban more out of concerns for security across a
      number of services primarily sshd, but then extended to
      others including postfix.

      I then became interested in using it to block people hammering
      the server. I am not sure how much hammering it actually stops
      since I don't generally see it. Only a failure of fail2ban in this
      case enabled me to investigate further.

      The additional connection load in this case is probably
      irrelevant, however I still prefer to block because there is
      no guarantee that spambots will stay within acceptable
      limits and I prefer to be cautious.

      John