Hi, I had an email account password guessed through auth attempts via smtps.
I did not realize this as I had forgotten I had it enabled at all. I was looking at the submission log and scratching my head not understanding how messages got to the remote queue without anything in the submission log, until I realized smpts was enabled and it was logging to /var/log/maillog and not to any log under /var/log/qmail... My first question: is it safe to disable smtps, I guess I don't need it for anything as all my users should be using 587/submission instead? Second question: How do I disable it? Should I just remove /var/qmail/supervise/smtps/run file? And/or block it at firewall level? Third question: to prevent brute force attacks, is fail2ban the best option to do it? I just follow the instructions at http://www.qmailtoaster.com/fail2ban.html ? Best, Peter
