Hello!
Until upgrading to OpenSMTPD 6.6 I used fail2ban to ban excessive login
failures from IPs, but that doesn't work any more with the log format
changed from:
smtp event=failed-command address=185.13.39.7 host=vps-33288.fhnet.fr
command="AUTH LOGIN (password)" result="535 Authentication failed"
|
smtp failed-command command="AUTH LOGIN (password)" result="535
Authentication failed"
Surprisingly SMTP isn't brute forced that much, but as I registered 472
failed authentications from a single IP yesterday, I'm going to have a
Go at a filter too. :)
All the best,
Reio
- Failed logins hammer/filter. Reio Remma
-
