What do you have so far? How important is the "from china" part?
On Sat, Dec 18, 2010 at 2:21 PM, Steve West <[email protected]> wrote:
> Hi,
>
> Can anyone help me create a rule to stop Dic attack on smtp server from
> China? I've tried manually blocking these attacks via iptables, but the IP
> addresses just keep changing and they're all from China.
>
> Below is a sample entry from /var/log/maillog. They send a large amount of
> requests trying different login and passwords.
>
> Dec 18 07:46:15 mail smtpd: 1292676375.037446 Reject::ORIG::Failed_Auth:
> P:ESMTPA S:124.14.209.112:unknown H:ylmf-pc 'login' ?= 'office'
>
> Thank you for any help!
>
> Best Regards,
>
> SW
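
Added example, not part of the original thread: since the source addresses keep changing, one option is to key on the Failed_Auth log entry itself and flag any address that exceeds a failure rate. The field meanings are inferred from the one sample line in the post; the threshold, the window and every log line after the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout, inferred from the single sample line in the post:
# <epoch> Reject::ORIG::Failed_Auth: P:<proto> S:<client ip>:<rdns> H:<HELO> 'login' ?= '<user>'
FAILED_AUTH = re.compile(
    r"smtpd: (?P<epoch>\d+\.\d+) Reject::ORIG::Failed_Auth: "
    r"P:\S+ S:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\S* H:(?P<helo>\S+) "
    r"'login' \?= '(?P<user>[^']*)'"
)

# First line is the entry quoted in the post (unwrapped); the rest are constructed.
SAMPLE_LOG = """\
Dec 18 07:46:15 mail smtpd: 1292676375.037446 Reject::ORIG::Failed_Auth: P:ESMTPA S:124.14.209.112:unknown H:ylmf-pc 'login' ?= 'office'
Dec 18 07:50:01 mail smtpd: 1292676601.000000 Reject::ORIG::Failed_Auth: P:ESMTPA S:203.0.113.7:unknown H:example-pc 'login' ?= 'admin'
Dec 18 07:50:03 mail smtpd: 1292676603.000000 Reject::ORIG::Failed_Auth: P:ESMTPA S:203.0.113.7:unknown H:example-pc 'login' ?= 'info'
Dec 18 07:50:04 mail smtpd: 1292676604.000000 Reject::ORIG::Failed_Auth: P:ESMTPA S:198.51.100.9:unknown H:laptop 'login' ?= 'steve'
Dec 18 07:50:05 mail smtpd: 1292676605.000000 Reject::ORIG::Failed_Auth: P:ESMTPA S:203.0.113.7:unknown H:example-pc 'login' ?= 'office'
Dec 18 07:50:07 mail smtpd: 1292676607.000000 Reject::ORIG::Failed_Auth: P:ESMTPA S:203.0.113.7:unknown H:example-pc 'login' ?= 'test'
Dec 18 07:55:30 mail smtpd: 1292676930.000000 Reject::ORIG::Failed_Auth: P:ESMTPA S:198.51.100.9:unknown H:laptop 'login' ?= 'steve'
Dec 18 07:56:00 mail sshd[411]: unrelated line that must be ignored
"""

def parse_failed_auth(line):
    """Return (epoch, ip, helo, user) for a Failed_Auth entry, else None."""
    m = FAILED_AUTH.search(line)
    return (float(m["epoch"]), m["ip"], m["helo"], m["user"]) if m else None

def offenders(lines, max_failures=3, window=60.0):
    """Map each IP with more than max_failures inside any `window` seconds
    to the sorted list of login names it tried."""
    times, users, flagged = defaultdict(list), defaultdict(set), set()
    for line in lines:
        rec = parse_failed_auth(line)
        if rec is None:
            continue
        ts, ip, _helo, user = rec
        users[ip].add(user)
        # Keep only failures still inside the sliding window, then add this one.
        times[ip] = [t for t in times[ip] if ts - t <= window] + [ts]
        if len(times[ip]) > max_failures:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, tried in offenders(SAMPLE_LOG.splitlines()).items():
        print(ip, "tried", tried)
```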
