Mail Abuse – New Fail2ban Rules

What's Up With Eskimo's Community!

Moderators: Nanook, carl

Post Reply
User avatar
Nanook
Posting Freak
Posts: 274
Joined: Tue Jun 25, 2013 10:08 pm
Location: Shoreline
Zodiac:
Contact:

Mail Abuse – New Fail2ban Rules

Post by Nanook » Fri Nov 23, 2018 4:50 pm

Posted on November 23, 2018

I found people connecting to our mail server, giving the auth command, then disconnecting. I found out that this was a Chinese botnet attempting to deliver spam but why they would issue an auth command and then not provide arguments is not clear. Perhaps they are aware of some bug in postfix that I am not.

At any rate it is bad behavior so I have added rules to fail2ban to block IP addresses that do this. That’s one less botnet delivering spam.



Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests