John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port 587,
> for users access.
>
> I do get a boat load of failed login attempts on 587. Funny how a China,
> US, Argentina, you name it, hosts, will try the same failed username
> password at nearly the same time.
>
> Small world.
>
> I use Fail2Ban to block the failed IP. The script writes it into the
> nftables table immediately.
>
> I think this keeps Postfix waiting and times out, not a big deal. Is
> there a cli that my bash script could force disconnect the ip from Postfix?
>
> I did search the man page and the docs, sorry if I missed it.
On port 587? setting "smtpd_hard_error_limit=1" might do it.
masster.cf:
submission .. .. .. .. .. .. .. smtpd
-o { smtpd_hard_error_limit = 1 }
...other -o options...
You need to "postfix reload" after editing master.cf,
This assumes that a good user makes no mistakes.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
