Limit SASL Login failure attempts

jonathanross · Jul 6, 2010

Hi All,

I cannot for the life of me (and I've done lots of reading) figure out how to stop someone hammering our Mail Servers with SASL login attempts.

I've limited TLS connections and SMTP connections which helps other types of floods but I'd like to stop someone running a dictionary-type attack and drop their connection after three password failures.

An Postfix gurus aware of a fix ?

Many thanks,

JR

Noway2 · Jul 7, 2010

I don't recall anything in Postfix itself that has this functionality. The closest that it may come is to choke off functions after too many errors, as defined by the hard limit and soft limit on errors.

I believe that Fail2Ban can do this, which is commonly used for this purpose on SSH servers. You may need to create a custom rule for postfix if one doesn't exist, which pretty much amounts to writing a regex expression.

jonathanross · Jul 7, 2010

Thanks very much, I hadn't thought of that.

This looks useful:

http://www.fail2ban.org/wiki/index.php/Postfix

JR

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Limit SASL Login failure attempts

jonathanross

ISP

Noway2

Programmer

jonathanross

ISP

Similar threads

Part and Inventory Search

Sponsor