How to stop or prevent Postfix / smtpd / Sasl brute forcing


Solution 1

Postfix has a built-in option to create a "tar pit", i.e. to slow down when a client triggers too many errors. Both the delay used and how many errors are required to trigger the delay are configurable.

The configuration option you want to look at is smtpd_error_sleep_time. Exactly how to configure it depends on which Postfix version you're using, but the link gives information about it.

In addition to this, you may want to use some of the publicly available IP-based blacklists. A list of commonly used blacklists is available at the Spamhaus project, with advisories on how to use them.
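As an added illustration of the tar pit described in this answer (example code, not part of the original answer and not Postfix's own code), the model below walks one SMTP session in which every AUTH is a wrong password and sums the delay the three parameters impose. The thresholds follow postconf(5): responses are slowed by smtpd_error_sleep_time once the error count exceeds smtpd_soft_error_limit, and the server disconnects with a 421 once it reaches smtpd_hard_error_limit. The exact boundary checks are an approximation of the server loop, the "hardened" values and the main.cf fragment are constructed for the example, and delays are summed rather than slept.

```python
"""Model of Postfix's per-session error tar pit (smtpd_error_sleep_time,
smtpd_soft_error_limit, smtpd_hard_error_limit) applied to a SASL brute force.

Added example, not Postfix code.  Boundary checks (sleep once error_count
exceeds the soft limit, 421 once it reaches the hard limit) are an
approximation of the real server loop taken from postconf(5).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TarPit:
    error_sleep_time: float   # smtpd_error_sleep_time, in seconds
    soft_error_limit: int     # smtpd_soft_error_limit
    hard_error_limit: int     # smtpd_hard_error_limit


# Postfix defaults per postconf(5): 1s, 10, 20 (hard limit drops to 1 under stress).
DEFAULT = TarPit(error_sleep_time=1.0, soft_error_limit=10, hard_error_limit=20)

# Hypothetical hardened values chosen for this example: sleep longer, disconnect sooner.
HARDENED = TarPit(error_sleep_time=10.0, soft_error_limit=2, hard_error_limit=5)

# Constructed main.cf fragment (not from the original answer).  Continuation
# lines, which Postfix allows, are not handled by the small parser below.
MAIN_CF_HARDENED = """\
# tar-pit settings for repeated SASL failures
smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 2
smtpd_hard_error_limit = 5
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value: str) -> float:
    """Postfix time value: a bare number is seconds; suffix s/m/h/d/w scales it."""
    value = value.strip()
    if value and value[-1] in _UNITS:
        return float(value[:-1]) * _UNITS[value[-1]]
    return float(value)


def policy_from_main_cf(text: str) -> TarPit:
    """Read the three tar-pit parameters from main.cf text, defaulting the rest."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        values[key.strip()] = val.strip()
    return TarPit(
        error_sleep_time=parse_time(values.get("smtpd_error_sleep_time", "1s")),
        soft_error_limit=int(values.get("smtpd_soft_error_limit", 10)),
        hard_error_limit=int(values.get("smtpd_hard_error_limit", 20)),
    )


@dataclass
class SessionOutcome:
    guesses_answered: int   # AUTH attempts that received a 535 response
    total_delay: float      # seconds the client was held by the tar pit
    disconnected: bool      # server answered 421 and closed the session


def simulate_brute_force(policy: TarPit, attempts: int) -> SessionOutcome:
    """One session where every AUTH fails; each 535 counts as one error."""
    error_count = 0
    answered = 0
    delay = 0.0
    for _ in range(attempts):
        if error_count >= policy.hard_error_limit:
            return SessionOutcome(answered, delay, True)   # 421 Error: too many errors
        error_count += 1
        answered += 1
        if error_count > policy.soft_error_limit:
            delay += policy.error_sleep_time                # every response is slowed
    return SessionOutcome(answered, delay, False)


def guesses_per_hour(policy: TarPit) -> float:
    """Upper bound on guesses for a client that reconnects after every 421,
    counting only tar-pit delay (network latency and reconnect cost ignored)."""
    outcome = simulate_brute_force(policy, policy.hard_error_limit + 1)
    if outcome.total_delay == 0:
        return float("inf")
    return outcome.guesses_answered * 3600 / outcome.total_delay


if __name__ == "__main__":
    for name, policy in (("default", DEFAULT), ("hardened", policy_from_main_cf(MAIN_CF_HARDENED))):
        out = simulate_brute_force(policy, 50)
        print(f"{name}: {out.guesses_answered} guesses answered, held {out.total_delay:.0f}s, "
              f"disconnected={out.disconnected}, ~{guesses_per_hour(policy):.0f} guesses/hour with reconnects")
```

The reconnect figure is the caveat to keep in mind: the tar pit only slows a single session, so a client that simply reconnects after each 421 still gets a steady stream of guesses, which is why the answer pairs it with IP-based blacklisting.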

Solution 2

Fail2ban will work, but you can actually find that a lot of blacklists are available, for example the OpenBL list. I also found that greylisting was fairly effective against the unauthenticated bots, although not a panacea by itself.
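The fail2ban approach in this answer boils down to counting SASL failures per client IP in the smtpd log and blocking the IP once it crosses a threshold inside a time window. The script below is an added example (not from the original answer and not fail2ban's code) that does the same with no dependencies, so the logic can be read and tuned directly; the log lines are constructed for the example, and the threshold, window and the nftables command it renders are assumptions rather than settings from the answer.

```python
"""Count SASL authentication failures per client IP in Postfix smtpd logs and
emit a block list once an IP exceeds a threshold inside a time window.

Added example: a dependency-free stand-in for the fail2ban postfix-sasl jail.
Threshold, window and the nft output format are assumptions for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the smtpd warning Postfix logs for a failed SASL AUTH, e.g.
# "warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: ..."
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed"
)

# Constructed sample log (documentation IP ranges); one legitimate user typo
# from 198.51.100.7, one burst from .45, one slow trickle from .46.
SAMPLE_LOG = """\
Mar  3 08:41:07 mail postfix/smtpd[2190]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 08:41:09 mail postfix/smtpd[2190]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 08:41:10 mail postfix/smtpd[2191]: connect from laptop.example.net[198.51.100.7]
Mar  3 08:41:12 mail postfix/smtpd[2191]: warning: laptop.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Mar  3 08:41:14 mail postfix/smtpd[2190]: warning: unknown[203.0.113.45]: SASL PLAIN authentication failed: authentication failure
Mar  3 08:41:20 mail postfix/smtpd[2190]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 08:41:21 mail postfix/smtpd[2190]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 08:45:00 mail postfix/smtpd[2192]: warning: unknown[203.0.113.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 09:30:00 mail postfix/smtpd[2193]: warning: unknown[203.0.113.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 09:30:01 mail postfix/smtpd[2193]: warning: unknown[203.0.113.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""


def parse_failures(log_text):
    """Yield (timestamp, ip) for each SASL failure line; other lines are skipped."""
    for line in log_text.splitlines():
        m = SASL_FAIL.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime defaults to 1900, which is
        # fine for relative windows as long as the log does not cross New Year.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        yield ts, m.group("ip")


def find_offenders(log_text, max_failures=3, window_seconds=600):
    """Return {ip: time of the failure that crossed the threshold} for every IP
    with at least max_failures failures inside any window_seconds span."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for ts, ip in parse_failures(log_text):
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # slide the window forward
        if len(q) >= max_failures:
            banned[ip] = ts
    return banned


def nft_rules(banned, set_name="smtp_bruteforce"):
    """Render offenders as nft commands; assumes a named set already exists in
    table 'inet filter' and a rule that drops sources in that set."""
    return [f"nft add element inet filter {set_name} {{ {ip} }}" for ip in sorted(banned)]


if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_LOG)
    for ip, when in sorted(offenders.items()):
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
    print("\n".join(nft_rules(offenders)))
```

With the default threshold of three failures in ten minutes, the burst from 203.0.113.45 is caught on its third failure while the single typo from 198.51.100.7 and the slow trickle from 203.0.113.46 are not; lowering max_failures to two catches the trickle as well, which is the usual trade-off when tuning this kind of rule.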



Author: Miloš Đakonović

Updated on September 18, 2022

Comments

  • Miloš Đakonović, almost 2 years

    There are numerous attempts to connect to my mail server in order to send mail either unauthenticated or to guess username and password to, I suppose, accomplish the same.

    Should I fight against that, just like in ssh case, and how?

    Just a note: I have bad experience with fail2ban.

  • Miloš Đakonović, over 10 years
    I was looking for a non-third-party solution, either something like iptables or something similar; smtpd_error_sleep_time is just what fits. Thank you.
  • Jenny D, over 10 years
    NickW mentioned greylisting; there's information about that at postgrey.schweikert.ch . It does require some add-ons, though.
  • Miloš Đakonović, over 10 years
    Ok, so the final point is that we cannot stop them from trying (and consuming our CPU cycles too, but that's something else); we can just make their effort totally pointless from the aspect of success and harmless to us?
  • Jenny D, over 10 years
    To stop them from trying, you would need some sort of IP-based blacklist that stops them from connecting in the first place. So either fail2ban or one or more RBLs, or both.