On 06/17/17 11:57, mabi wrote:
> Does anyone have a fail2ban filter for OpenSMTPD?
>
> I would like to block the many many AUTH LOGIN attempts as you can see
> here from the logs:
>
> Jun 17 11:55:49 gw smtpd[594]: 7eeebcc95623efe1 smtp
> event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid
> command: Command not supported"
> Jun 17 11:55:52 gw smtpd[594]: 7eeebcc95623efe1 smtp event=closed
> reason="io-error: Connection reset by peer"

It's been a while since I tried to tweak fail2ban at all, but as long as you're on OpenBSD or some other system with PF, it's fairly trivial to autoban such silliness via a cron job that greps for the noisemakers and adds them to a table that's already referenced in a block rule.

Examples in the most recent PF tutorial start at https://home.nuug.no/~peter/pftutorial/#44 and there is a one-liner that would be an easy starting point for adapting to your needs at the bottom of https://home.nuug.no/~peter/pftutorial/#46 - that one is taken from a cron job I run somewhere that will not ever need a WordPress install.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
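
A sketch of the cron-job approach described in the reply above, added here as an example; it is not code from the thread or from the linked tutorial. It assumes smtpd logs an `smtp event=connected address=<ip>` line under the same session id as the later `failed-command` line (the quoted log lines carry no address themselves), and the table name `smtp_abuse` is hypothetical.

```sh
# Assumptions (not from the thread): the session id ties a failed command to an
# earlier "smtp event=connected address=<ip>" line; the table name smtp_abuse
# is a placeholder that pf.conf would reference like this:
#   table <smtp_abuse> persist
#   block in quick from <smtp_abuse>
# Print every source address with at least $1 failed AUTH commands (log on stdin).
auth_noisemakers() {
    awk -v min="${1:-3}" '
        # Fields: Mon DD HH:MM:SS host smtpd[pid]: <session-id> smtp event=...
        $5 ~ /^smtpd\[/ && $7 == "smtp" {
            sid = $6
            if ($8 == "event=connected") {
                for (i = 9; i <= NF; i++)
                    if ($i ~ /^address=/) {
                        a = substr($i, 9)
                        # Accept only address characters; log text is untrusted.
                        if (a ~ /^[0-9A-Fa-f:.]+$/) addr[sid] = a
                    }
            } else if ($8 == "event=failed-command" && $0 ~ /command="AUTH /) {
                if (sid in addr) hits[addr[sid]]++
            } else if ($8 == "event=closed") {
                delete addr[sid]
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | sort
}

# Feed the offenders to PF; meant for cron as root, $1 is the mail log path.
ban_noisemakers() {
    auth_noisemakers 3 < "$1" | while read -r ip; do
        pfctl -q -t smtp_abuse -T add "$ip"
    done
}

# Constructed sample log (documentation addresses), modelled on the quoted lines.
sample_log() {
    cat <<'EOF'
Jun 17 11:55:40 gw smtpd[594]: 7eeebcc95623efe1 smtp event=connected address=192.0.2.10 host=192.0.2.10
Jun 17 11:55:49 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:55:50 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:55:52 gw smtpd[594]: 7eeebcc95623efe1 smtp event=closed reason="io-error: Connection reset by peer"
Jun 17 11:56:01 gw smtpd[594]: 7eeebcd0a1b2c3d4 smtp event=connected address=192.0.2.10 host=192.0.2.10
Jun 17 11:56:03 gw smtpd[594]: 7eeebcd0a1b2c3d4 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:57:10 gw smtpd[594]: 7eeebcd1e5f60718 smtp event=connected address=198.51.100.7 host=mx.example.net
Jun 17 11:57:12 gw smtpd[594]: 7eeebcd1e5f60718 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
EOF
}
sample_log | auth_noisemakers 3
```

Failures are counted per address across sessions, so a client that reconnects after every rejected attempt still crosses the threshold; `ban_noisemakers` is only defined here and would be called from the cron job with the path to the mail log.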
