On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
> Dear CentOS Community
>
> Is totally clear there's no support sendmail platform today, but I need to
> stop SMTP brute-force attack on sendmail. My server is attacked today, my
> maillog looks like :
>
> 4624@xxxxxxxxxxxx>, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
> Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>, size=3958,
> class=0, nrcpts=1, msgid=<201206142307.q5EN710u024623@xxxxxxxxxxxx>,
> proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
> Jun 14 19:07:23 at6412 sendmail[24868]: q5EN7M6D024868: from=<
> qmarket@xxxxxxxxxx>, size=2193, class=0, nrcpts=2, msgid=<
> 20120614231448.1E99A13EE5F@xxxxxxxxxxxxxxxxxxxxxxxx>, proto=ESMTP,
> daemon=MTA, relay=[200.1.174.121]
> Jun 14 19:07:24 at6412 sendmail[24961]: q5EN7OT4024961: from=<
> nobody@xxxxxxxxxxxxxx>, size=4716, class=0, nrcpts=1, msgid=<
> E1SfJ8H-0005kv-JE@xxxxxxxxxxxxxx>, proto=ESMTP, daemon=MTA, relay=
> pc1.globalmac.cl [200.29.231.61] (may be forged)
> Jun 14 19:07:33 at6412 sendmail[25013]: q5EN7SqK025013: from=<
> a.pfsvtij@xxxxxxxxx>, size=760, class=0, nrcpts=1, msgid=<
> 1531549-634033-36@xxxxxxxxxx>, proto=SMTP, daemon=MTA, relay=
> h095159149119.ys.dsl.sakhalin.ru [95.159.149.119]
> Jun 14 19:07:37 at6412 sendmail[25065]: q5EN7bCj025065: from=<
> en.viaimport@xxxxxxxxx>, size=4531, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=186-105-73-29.baf.movistar.cl [186.105.73.29]
>
>
> I need help for STOP this spammers right now.
>
> Thanks in advance to anyone who can guide me
>
>
> With Kind Regards,
>
> Gustavo A. Lacoste Z.
> Curacautín - Chile
> Skype: knxroot
> Msn & Gtalk: knx.root [at] gmail.com
> Home page: http://www.lacosox.org

Hi,

there are a few solutions available to do this.

1.) Install & configure fail2ban

2.) Using IP Tables: I don't know if it is applicable to you

# Fix in Place to Kick a User For 1 Minute After Three Errors in The SMTP Session
# And Limit The Number of Connections Someone Could Make With a Simple IP Tables Rule
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set

I trust this helps. There is another solution, but you do not use Postfix.

# How many simultaneous connections any client is allowed to make to this service.
smtpd_client_connection_count_limit = 3

# The maximal number of connection attempts any client is allowed to make to this service per time unit.
smtpd_client_connection_rate_limit = 10

# The maximal number of message delivery requests that any client is allowed to make to this service per time unit, regardless of whether or
# not Postfix actually accepts those messages.
smtpd_client_message_rate_limit = 20

# The maximal number of recipient addresses that any client is allowed to send to this service per time unit, regardless of whether or not
# Postfix actually accepts those recipients.
smtpd_client_recipient_rate_limit = 500

# Clients that are excluded from connection count, connection rate, or SMTP request rate restrictions.
smtpd_client_event_limit_exceptions = $mynetworks

Thanks

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
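
An added example, not part of the original post or of any CentOS tooling: a replay of the two `-m recent` rules above over sendmail maillog lines, to see which relay IPs would have hit the 3-per-60-seconds limit before the rules are deployed. It assumes one logged `from=` line per new TCP connection and that loopback traffic is exempt; the log lines are constructed with documentation addresses, and `parse` and `simulate_recent` are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the maillog format quoted above (documentation IPs).
SAMPLE_LOG = """\
Jun 14 19:07:01 mx sendmail[101]: q5EN0001: from=<>, size=3958, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun 14 19:07:01 mx sendmail[102]: q5EN0002: from=<a@example.com>, size=760, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.net [203.0.113.7]
Jun 14 19:07:10 mx sendmail[103]: q5EN0003: from=<b@example.com>, size=761, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.net [203.0.113.7]
Jun 14 19:07:12 mx sendmail[104]: q5EN0004: from=<c@example.org>, size=2193, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, relay=[198.51.100.9]
Jun 14 19:07:20 mx sendmail[105]: q5EN0005: from=<d@example.com>, size=762, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.net [203.0.113.7] (may be forged)
Jun 14 19:07:30 mx sendmail[106]: q5EN0006: from=<e@example.com>, size=763, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.net [203.0.113.7]
Jun 14 19:07:50 mx sendmail[107]: q5EN0007: from=<f@example.com>, size=764, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.net [203.0.113.7]
Jun 14 19:08:55 mx sendmail[108]: q5EN0008: from=<g@example.com>, size=765, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.net [203.0.113.7]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) \S+ sendmail\[\d+\]: \w+: from=.*"
    r"relay=(?:\S+ )?\[(?P<ip>[^\]]+)\]")

def parse(line, year=2012):
    """Return (timestamp, relay_ip) for a sendmail 'from=' line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it (assumption).
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def simulate_recent(lines, seconds=60, hitcount=3, ignore=("127.0.0.1",)):
    """Count, per relay IP, log entries the two rules would have dropped."""
    window = timedelta(seconds=seconds)
    stamps = defaultdict(deque)   # per-IP timestamps, like the 'recent' list
    dropped = defaultdict(int)
    for line in lines:
        parsed = parse(line)
        if parsed is None or parsed[1] in ignore:
            continue
        now, ip = parsed
        seen = stamps[ip]
        while seen and seen[0] < now - window:
            seen.popleft()        # entries older than --seconds do not count
        if len(seen) >= hitcount:
            dropped[ip] += 1      # rule 1: --update matches -> DROP
        seen.append(now)          # --update (on match) and --set both record
    return dict(dropped)

if __name__ == "__main__":
    for ip, n in simulate_recent(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} entries would have been dropped")
```

Because `--update` records a timestamp even when it drops, a client that keeps retrying stays blocked until it has been quiet for the full window, which the replay reproduces.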