Maybe I can add something useful here: On most systems there is not only one server running but many more.
I use a combination of blacklists plus an "overall protection". I am really a friend of CrowdSec | Curated Threat Intelligence Powered by the Crowd which serves its purpose very well. Martin. On Friday, 09 August, 2024 17:06 CEST, Benny Pedersen via Postfix-users <postfix-users@postfix.org> wrote: Corey H via Postfix-users skrev den 2024-08-09 13:53: > Hello list, > > I saw many logs like this in our server log, > > Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: warning: > unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 > Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: too many errors > after AUTH from unknown[5.31.8.57] > > Since system has warned that "too many errors after AUTH ", is there a > policy setup to stop this kind of IP? i know fail2ban, but that's a > standalone service, not integrated into postfix itself. https://www.spamrats.com/ best defense there see example conf for postfix _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org -- Martin Stenzel · er/ihm · he/him m.sten...@mail.xy-space.de An der Drehscheibe 9 D-50733 Köln · Cologne Deutschland · Germany This message was checked by ESET Endpoint Antivirus for Linux. Detection Engine Version: 29699 (20240809).
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org