Hi David,

You're right of course and I get that too. My problem is that I have no way to 
solve the problem directly with the firewall. I have very simple rules that say 
no more than 4 new connections are allowed on the SMTP port from one IP address 
(I have similar rules for other ports): 

$IPTABLES -A INPUT -p tcp -d $MYHOST --dport 25 -m state --state NEW -m recent --set --name DDOS-SMTP
$IPTABLES -A INPUT -p tcp -d $MYHOST --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DDOS-SMTP -j DROP

It doesn't always work for James though. I also described this in the first 
post on this topic. The attacker opens a connection and keeps trying to log in, 
more than 100 attempts in a few seconds. And the connection remains open so the 
firewall-rule doesn't work.

My approach would be that James closes the connection after e.g. three 
attempts, that should be configurable. Then the standard firewall rules could 
take effect again.

Best wishes

Günter

> David Matthews <m...@dmatthews.org.invalid> wrote on 16.06.2023 08:47 CEST:
> 
>  
> hi Gunter
> 
> >The best way I think would be if James could handle this internally. Until 
> >then, fail2ban is a good alternative.
> 
> I think you are misunderstanding. Neither james nor any other mail exchanger 
> or imap server can take over the work fail2ban can do. Fail2ban can provide a 
> dynamic firewall, by blocking ip addresses that misbehave on the fly. This 
> blocking happens at network level rather than application level so is much 
> more efficient and safer than james/exim4/postfix alone can achieve with even 
> the finest configuration tweaks.
> 
> --
> David Matthews
> m...@dmatthews.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> For additional commands, e-mail: server-user-h...@james.apache.org

-- 
Günter Paul
Hirschbachstraße 4a
53506 Ahrbrück
Tel.: +4926436747
Mobile: +491759140889
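
Added example (not part of the original message, and not James or iptables code): a simplified Python model of the two DDOS-SMTP rules quoted above, replaying a constructed burst of login attempts to show why one long-lived connection never trips the rule while a per-connection attempt cap would. The per-connection limit, the sample IP addresses and the attempt rate are assumptions made for illustration; the model counts one NEW packet per connection attempt.

```python
from collections import defaultdict

WINDOW_S = 60   # --seconds 60
HITCOUNT = 4    # --hitcount 4


class RecentList:
    """Simplified model of the two DDOS-SMTP rules: --set, then --update."""

    def __init__(self):
        self.stamps = defaultdict(list)  # source IP -> times of counted NEW packets

    def new_connection(self, ip, now):
        """Return True if the NEW packet is accepted, False if rule 2 drops it."""
        self.stamps[ip].append(now)                    # rule 1: --set
        hits = sum(1 for t in self.stamps[ip] if now - t <= WINDOW_S)
        if hits >= HITCOUNT:                           # rule 2: --update ... -j DROP
            self.stamps[ip].append(now)                # a matching --update refreshes the entry
            return False
        return True


def simulate(attempts, max_auth_per_conn, ip="192.0.2.10", rate_per_s=50.0):
    """Replay a constructed burst of login attempts from one IP (documentation address).

    max_auth_per_conn=None models the server keeping the connection open;
    an integer models the proposed cap (hypothetical setting, assumed here).
    Returns (attempts_reaching_smtp, connection_attempts_dropped).
    """
    fw = RecentList()
    served = dropped = 0
    left_on_conn = 0
    for i in range(attempts):
        now = i / rate_per_s
        if left_on_conn == 0:                          # client has to open a connection
            if not fw.new_connection(ip, now):
                dropped += 1
                continue                               # dropped at the firewall, never reaches SMTP
            left_on_conn = max_auth_per_conn or attempts
        served += 1
        left_on_conn -= 1
    return served, dropped


if __name__ == "__main__":
    print("connection kept open:", simulate(100, None))
    print("cap of 3 per connection:", simulate(100, 3))
```
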
