Hi David,
  Try using this little script...

-- snip --
#!/bin/bash
logf="/var/log/blockip.log"
mdate=`date +%c`
mip=$1
### must be root ###
if [ `whoami` != "root" ]; then
        echo ""
        echo "$0 must be run as root"
        echo ""
        exit 1
fi;

if [ $mip == "--help" ]; then
  echo "========================================"
  echo "Help: Block single and subnet IP's"
  echo "========================================"
  echo "blockip 132.2.1.1"
  echo "blockip 132.1.0/24"
  echo "----------------------------------------"
  exit 1
fi;

-- snip --

worked for me forever...
Use qtp watchall to monitor the logs and use th output to manually block ips or 
subnets

If you need more hit me off list.

best wishes
  Tony White
On 18/4/20 2:59 pm, David Bray wrote:

I can see I'm getting hammered on my smtps port

How can I mitigate this?

I can see the IP's in /var/log/qmail/smtps/current

*but where do I actually see that the smtp auth actually fails ?*

or do I need to increase the logging somewhere ?

if I tail -f /var/log/dovecot.log

I can see the imap and pop failures

thanks in advance

David Bray
0418 745334
2 ∞ & <


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to