On 4/4/2012 6:14 PM, Daniel L. Miller wrote:
> I'm getting hit with a lot of failed auth attempts.  I believe an
> account got hacked - and I'm seeing a huge amount of traffic trying to
> log in using it.  I've disabled the account - but of course they keep
> trying.
>
> ASSP is blocking the failed attempts quite nicely - but my mail server
> (Postfix) logs are filling with a lot of empty connections:
> Apr  4 18:10:28 bubba assp/smtpd[1589]: connect from localhost[127.0.0.1]
> Apr  4 18:10:29 bubba assp/smtpd[1589]: lost connection after EHLO from
> localhost[127.0.0.1]
> Apr  4 18:10:29 bubba assp/smtpd[1589]: disconnect from localhost[127.0.0.1]
>
> As far as I know - this is normal, healthy, proper operation.  But I'd
> like more information.  My (limited) understanding of the XFORWARD (from
> http://www.postfix.org/XFORWARD_README.html) is that ASSP can pass the
> remote sending IP (and other information) to Postfix - which can then
> use that for processing or logging.
>
> Does anyone else see value in this?

My mistake - XFORWARD is the wrong tool for this.  I believe XCLIENT is 
the appropriate solution - if it can be implemented.

-- 
Daniel
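
For reference, an added example (not part of the original message, and not ASSP or Postfix code) of what a proxy in front of Postfix would send to pass the remote IP with XCLIENT: it reads the attributes offered in the EHLO reply and builds the command with xtext-encoded values. The function names and the sample EHLO reply are constructed for illustration, and it assumes Postfix authorizes the proxy's address via `smtpd_authorized_xclient_hosts`.

```python
import re

# Constructed EHLO reply in the shape Postfix uses when XCLIENT is permitted
# for the connecting client (sample data, not taken from the thread).
SAMPLE_EHLO = (
    "250-mx.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-XCLIENT NAME ADDR PROTO HELO\r\n"
    "250 8BITMIME\r\n"
)

def xclient_attrs(ehlo_reply):
    """Return the set of XCLIENT attribute names the server advertised."""
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]XCLIENT\s+(.*)$", line, re.I)
        if m:
            return {a.upper() for a in m.group(1).split()}
    return set()

def xtext(value):
    """xtext-encode a value: '+', '=' and bytes outside 33..126 become +XX."""
    out = []
    for b in value.encode("utf-8"):
        if 33 <= b <= 126 and b not in (0x2B, 0x3D):
            out.append(chr(b))
        else:
            out.append("+%02X" % b)
    return "".join(out)

def build_xclient(ehlo_reply, addr, name=None, helo=None):
    """Build the XCLIENT line a proxy sends before relaying the session.

    Returns None when the server did not offer XCLIENT ADDR, so the caller
    can fall back to a plain session instead of sending an unknown command.
    """
    offered = xclient_attrs(ehlo_reply)
    if "ADDR" not in offered:
        return None
    if ":" in addr:  # IPv6 addresses carry an IPV6: prefix in XCLIENT
        addr = "IPV6:" + addr
    parts = ["ADDR=" + xtext(addr)]
    if "NAME" in offered:
        parts.append("NAME=" + (xtext(name) if name else "[UNAVAILABLE]"))
    if helo and "HELO" in offered:
        parts.append("HELO=" + xtext(helo))
    return "XCLIENT " + " ".join(parts) + "\r\n"
```

On success Postfix answers XCLIENT with a fresh 220 greeting, so the proxy has to send EHLO again before continuing the session.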

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test