Dnia 21.10.2024 o godz. 09:46:14 Geoff Mulligan via mailop pisze: > Maybe I'm just now more observant, but I've seen a huge increase in > bunches of systems trying to brute force an SASL login. [...] > > I wrote a script to check my mail log and block the IPs. > What do you all do?
1) I don't have AUTH enabled on port 25, so the IPs that would try to do this just connect and disconnect. 2) On submission ports, I instantly reject all connection attempts if there is no currently established IMAP session from the same IP address (any normal email client first establishes an IMAP session to get the mail, and only later optionally connects to submission port if the user wants to send something). -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
