Hello!

Until upgrading to OpenSMTPD 6.6 I used fail2ban to ban excessive login failures from IPs, but that doesn't work any more with the log format changed from:

smtp event=failed-command address=185.13.39.7 host=vps-33288.fhnet.fr command="AUTH LOGIN (password)" result="535 Authentication failed"
|
smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"

Surprisingly SMTP isn't brute forced that much, but as I registered 472 failed authentications from a single IP yesterday, I'm going to have a Go at a filter too. :)

All the best,
Reio

Reply via email to