Mail Abuse – New Fail2ban Rules

What's Up With Eskimo's Community!

Moderators: Nanook, carl

Post Reply
User avatar
Posting Freak
Posts: 332
Joined: Tue Jun 25, 2013 10:08 pm
Location: Shoreline

Mail Abuse – New Fail2ban Rules

Post by Nanook » Fri Nov 23, 2018 4:50 pm

Posted on November 23, 2018

I found people connecting to our mail server, giving the auth command, then disconnecting. I found out that this was a Chinese botnet attempting to deliver spam but why they would issue an auth command and then not provide arguments is not clear. Perhaps they are aware of some bug in postfix that I am not.

At any rate it is bad behavior so I have added rules to fail2ban to block IP addresses that do this. That’s one less botnet delivering spam.

Post Reply

Who is online

Users browsing this forum: No registered users and 47 guests