I recently had over 53,000 login attempts in a little over 3 hours
from a single IP address on my sendmail mail server. There were
some names that must have been obtained from email lists, but 99%
were almost every name you could possibly think of.
I am guessing they were probably looking for a way to gain access
to relay spam,
but regardless of the reason, I would like to figure out a way to
limit or stop such attempts.
As near as I can tell there is no way of configuring sendmail to
limit logins to the LAN (whitelist), but I would rank my sendmail
skills closer to novice than guru.
As a result I thought I would risk ridicule and ask here to be sure
before looking at solutions such as fail2ban.
As a result I thought I would risk ridicule
and ask here to be sure
before looking at solutions such as fail2ban.
I recently had over 53,000 login attempts in a little over 3 hours
from a single IP address on my sendmail mail server.
I recently had over 53,000 login attempts in a little over 3 hours
from a single IP address on my sendmail mail server.
As near as I can tell there is no way of configuring
sendmail to limit logins to the LAN (whitelist), but I would rank my
[...]
[...], but regardless
of the reason, I would like to figure out a way to limit or stop such attempts. As near as I can tell there is no way of configuring
sendmail to limit logins to the LAN (whitelist), [...]
[...]
I recently had over 53,000 login attempts in a little over 3 hours
from a single IP address on my sendmail mail server. There were some
names that must have been obtained from email lists, but 99% were
almost every name you could possibly think of. I am guessing they
were probably looking for a way to gain access to relay spam, but
regardless of the reason, I would like to figure out a way to limit
or stop such attempts. As near as I can tell there is no way of configuring sendmail to limit logins to the LAN (whitelist), but I
would rank my sendmail skills closer to novice than guru. As a
result I thought I would risk ridicule and ask here to be sure before
looking at solutions such as fail2ban.
Am Freitag, 22. Juli 2022, um 02:59:59 Uhr schrieb NotReal:
I recently had over 53,000 login attempts in a little over 3 hours
from a single IP address on my sendmail mail server.
You can set up a firewall (unrelated to sendmail) and just drop all
traffic from this IP.
Marco Moock wrote on 7/22/22 10:30 AM:
Am Freitag, 22. Juli 2022, um 02:59:59 Uhr schrieb NotReal:
I recently had over 53,000 login attempts in a little over 3 hoursYou can set up a firewall (unrelated to sendmail) and just drop all
from a single IP address on my sendmail mail server.
traffic from this IP.
just temporarily set a route
ip route add blackhole <offending-ip>
The IP address may be inside a DUL range.
The IP address may be inside a DUL range.
oh, sorry I see you apparently mean a 'Dialup user range', but anyway
if so a "firewall" wouldn't help either and if he/she's trying to authenticate for a relay there will be a forward/reverse mismatch on
that host, so it just produces some 'dust' in the logfile...
I recently had over 53,000 login attempts in a little over 3 hours from
a single IP address on my sendmail mail server.
I would like to figure out a way to limit or stop such
attempts
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 36:57:46 |
Calls: | 6,707 |
Files: | 12,239 |
Messages: | 5,353,495 |