Re: Sendmail SMTP Brute-Force Attack




Shiv. Nath wrote:
> On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
>> Dear CentOS Community
>>
>> It is totally clear there's no support for the sendmail platform today, but I need
>> to stop an SMTP brute-force attack on sendmail. My server was attacked today,
>> my maillog looks like:
>>
>> 4624@xxxxxxxxxxxx>, proto=ESMTP, daemon=MTA, relay=myserver.com
>> [127.0.0.1]
>> Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>,
>> size=3958,
>> class=0, nrcpts=1, msgid=<201206142307.q5EN710u024623@xxxxxxxxxxxx>,
>> proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
<snip>
>> I need help to STOP these spammers right now.
>
> There are a few solutions available to do this.
>
> 1.) install & configure fail2ban
>
> 2.) Using IP Tables: I don't know if it is applicable to you
<snip>
I strongly encourage you to use fail2ban. Which, btw, rewrites iptables
rules on the fly....

Speaking of which... are other folks seeing a low-level (that is, hit, try
later, hit, try later, etc, over weeks, rather than trytrytrytrytrytrytry
in one shot) from
inetnum:         91.201.64.0 - 91.201.67.255
netname:         Donekoserv
descr:           DonEkoService Ltd
country:         RU

This is explicitly against PMA, which I gather, is apache-pma.

        mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
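
Added example, not part of the posts above: a short per-IP retry window of the kind fail2ban applies (maxretry within findtime) catches a burst but not the slow "hit, try later" pattern described, while totals per netblock over weeks do. The events are constructed, and the thresholds and function names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

def range_to_cidrs(first, last):
    """Collapse a whois inetnum range into the CIDR blocks a firewall rule needs."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

def burst_offenders(events, maxretry, findtime):
    """Per-IP sliding window: flags an IP with maxretry failures inside findtime."""
    by_ip = defaultdict(list)
    for ts, ip in sorted(events):
        by_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in by_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                flagged.add(ip)
                break
    return flagged

def slow_offenders(events, prefix_len, min_total, min_days):
    """Per-netblock totals over the whole log: many failures spread over many days."""
    total, days = defaultdict(int), defaultdict(set)
    for ts, ip in events:
        net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        total[net] += 1
        days[net].add(ts.date())
    return {n for n in total if total[n] >= min_total and len(days[n]) >= min_days}

def sample_events():
    """Constructed failure events (timestamp, source IP); documentation-range IPs."""
    base, events = datetime(2012, 6, 1), []
    for i in range(63):   # slow: one failure every 8 h for 3 weeks, 4 rotating hosts
        events.append((base + timedelta(hours=8 * i), f"198.51.100.{10 + i % 4}"))
    for i in range(20):   # burst: 20 failures in 20 seconds from one host
        events.append((base + timedelta(days=2, seconds=i), "203.0.113.7"))
    for s in (0, 30):     # benign: a user mistyping a password twice
        events.append((base + timedelta(days=5, seconds=s), "192.0.2.44"))
    return events

if __name__ == "__main__":
    print(range_to_cidrs("91.201.64.0", "91.201.67.255"))
    print(burst_offenders(sample_events(), maxretry=5, findtime=timedelta(minutes=10)))
    print(slow_offenders(sample_events(), prefix_len=24, min_total=30, min_days=7))
```

The first call turns the inetnum range quoted in the message into a single CIDR block; the other two show the burst host flagged by the per-IP window and the slow netblock flagged only by the long-period totals.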

