Maybe I can add something useful here:
On most systems there is not only one server running but many more.

I use a combination of blacklists plus an "overall protection". I am really a 
friend of

CrowdSec | Curated Threat Intelligence Powered by the Crowd

which serves its purpose very well.

Martin.



On Friday, 09 August, 2024 17:06 CEST, Benny Pedersen via Postfix-users 
<postfix-users@postfix.org> wrote:
 Corey H via Postfix-users skrev den 2024-08-09 13:53:
> Hello list,
>
> I saw many logs like this in our server log,
>
> Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: warning:
> unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: too many errors
> after AUTH from unknown[5.31.8.57]
>
> Since system has warned that "too many errors after AUTH ", is there a
> policy setup to stop this kind of IP? i know fail2ban, but that's a
> standalone service, not integrated into postfix itself.

https://www.spamrats.com/ best defense there see example conf for
postfix
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

--
Martin Stenzel · er/ihm · he/him
m.sten...@mail.xy-space.de

An der Drehscheibe 9
D-50733 Köln · Cologne
Deutschland · Germany



This message was checked by ESET Endpoint Antivirus for Linux.
Detection Engine Version: 29699 (20240809).

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to