I'm getting hit with a lot of failed auth attempts. I believe an account got hacked - and I'm seeing a huge amount of traffic trying to log in using it. I've disabled the account - but of course they keep trying.
ASSP is blocking the failed attempts quite nicely - but my mail server (Postfix) logs are filling with a lot of empty connections:

Apr 4 18:10:28 bubba assp/smtpd[1589]: connect from localhost[127.0.0.1]
Apr 4 18:10:29 bubba assp/smtpd[1589]: lost connection after EHLO from localhost[127.0.0.1]
Apr 4 18:10:29 bubba assp/smtpd[1589]: disconnect from localhost[127.0.0.1]

As far as I know - this is normal, healthy, proper operation. But I'd like more information.

My (limited) understanding of the XFORWARD (from http://www.postfix.org/XFORWARD_README.html) is that ASSP can pass the remote sending IP (and other information) to Postfix - which can then use that for processing or logging.

Does anyone else see value in this?

-- Daniel

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
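
The XFORWARD exchange mentioned in the message above, sketched as an added example (not part of the original post and not ASSP or Postfix code): it reads the attribute names a server advertises in its EHLO reply and builds the XFORWARD command(s) a proxy would send so the real client address reaches the Postfix log. The function names, host names and addresses are constructed; the 512-character limit, xtext encoding, [UNAVAILABLE] and IPV6: prefix follow my reading of XFORWARD_README.

```python
MAX_LINE = 512  # assumed README limit on one command, including CRLF
ORDER = ("NAME", "ADDR", "PORT", "PROTO", "HELO", "IDENT", "SOURCE")

def xforward_attrs(ehlo_lines):
    """Return the attribute names advertised on the XFORWARD EHLO line."""
    for line in ehlo_lines:
        words = line[4:].split()  # drop the "250-" or "250 " prefix
        if words and words[0].upper() == "XFORWARD":
            return {w.upper() for w in words[1:]}
    return set()  # server does not offer XFORWARD

def xtext(value):
    """RFC 1891 xtext: '+', '=' and bytes outside '!'..'~' become +XX."""
    return "".join(
        chr(b) if 33 <= b <= 126 and b not in b"+=" else "+%02X" % b
        for b in value.encode("utf-8")
    )

def build_xforward(supported, client):
    """Build XFORWARD lines (without CRLF) for attributes the server accepts."""
    pairs = []
    for name in ORDER:
        if name not in supported or name not in client:
            continue  # never send an attribute the server did not advertise
        value = client[name]
        if value is None:
            value = "[UNAVAILABLE]"  # information known to be missing
        elif name == "ADDR" and ":" in value:
            value = "IPV6:" + value
        pairs.append(name + "=" + xtext(value))
    commands, current = [], "XFORWARD"
    for pair in pairs:
        # +1 for the space, +2 for the CRLF added when the line is sent
        if current != "XFORWARD" and len(current) + 1 + len(pair) + 2 > MAX_LINE:
            commands.append(current)
            current = "XFORWARD"
        current += " " + pair
    if current != "XFORWARD":
        commands.append(current)
    return commands

# Constructed EHLO reply and client details (documentation address range).
EHLO = ["250-mail.example", "250-PIPELINING",
        "250-XFORWARD NAME ADDR PROTO HELO", "250 8BITMIME"]
CLIENT = {"ADDR": "192.0.2.45", "NAME": None,
          "HELO": "client.example", "PORT": "51234"}

if __name__ == "__main__":
    for cmd in build_xforward(xforward_attrs(EHLO), CLIENT):
        print(cmd)
```

Postfix only honours these commands from clients listed in smtpd_authorized_xforward_hosts, so that setting should name the proxy and nothing else.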