Hi,
Can anyone help me create a rule to stop Dic attack on smtp server from
china? I've tried manually blocking these attacks via iptables, but the
ip addresses just keep changing and their all from china.
Below is a sample entry from /var/log/maillog. They send large amount of
requests trying different login and passwords.
Dec 18 07:46:15 mail smtpd: 1292676375.037446 Reject::ORIG::Failed_Auth:
P:ESMTPA S:124.14.209.112:unknown H:ylmf-pc 'login' ?= 'office'
Thank you for any help!
Best Regards,
SW
