Olga wrote:
Besides firewalling this IP, nothing much..... Dont know what kind of attack is it , but maybe limiting AUTH to secure channels can stop it (if the attacker dont have tools that support TLS). In postfix you have the option to only allow the use of the AUTH command if TLS is being used. Dont know if sendmail can do the same thing though...Hi,
I got this message in the logwatch sent to root:
Client quit before communicating: 222.183.141.253 : 1 Time(s)
**Unmatched Entries** [222.183.141.253]: possible SMTP attack: command=AUTH, count=6: 1 Time(s)
What does it mean? How can I protect my server against SMTP attacks?
Thank you.
Olga
The only downside (which isnt in fact a downside) is that your users will have to use TLS , but this way you gain in terms of security... They'll have a bit of headache if your certificates are self-signed , but that's easy to overcome that...
-- Pedro Macedo
