Sam,

Is there a way to get spamdyke to log invalid authorizations in a manner that fail2ban can use? My host has been hit continuously with brute-force attacks. Unfortunately, the logs only have:


Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED Jul 22 18:54:50 tardis spamdyke[26727]: [ID 702911 mail.info] ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): verizon Jul 22 18:56:01 tardis spamdyke[26727]: [ID 702911 mail.info] ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found Jul 22 18:57:16 tardis spamdyke[26736]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED Jul 22 18:57:23 tardis spamdyke[26736]: [ID 702911 mail.info] ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): verizon Jul 22 18:58:37 tardis spamdyke[26736]: [ID 702911 mail.info] ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found Jul 22 18:59:59 tardis spamdyke[26743]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED Jul 22 19:00:10 tardis spamdyke[26743]: [ID 702911 mail.info] ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): verizon Jul 22 19:01:21 tardis spamdyke[26743]: [ID 702911 mail.info] ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found Jul 22 19:02:32 tardis spamdyke[26876]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED Jul 22 19:02:38 tardis spamdyke[26876]: [ID 702911 mail.info] ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): verizon Jul 22 19:03:50 tardis spamdyke[26876]: [ID 702911 mail.info] ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found \Jul 22 19:05:11 tardis spamdyke[26891]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED Jul 22 19:05:16 tardis spamdyke[26891]: [ID 702911 mail.info] ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): verizon

They seem to have a huge list of account names to try and I've got thousands of attempts just for today. Unfortunately, without any IP address in the message I can't have fail2ban automatically block these.

Gary


_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Reply via email to