3

I would like to block some hosts that are brute forcing my SMTP server.

I'm currently using DenyHosts for SSHD and was wondering if I can add the SMTP service too.

It could be possible based on this http://www.mail-archive.com/denyhosts-user@lists.sourceforge.net/msg00833.html

Currently in my auth.log I get:

Jan  3 17:58:40 servername saslauthd[10729]: pam_unix(smtp:auth): check pass; user unknown
Jan  3 17:58:40 servername saslauthd[10729]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
Jan  3 17:58:42 servername saslauthd[10729]: do_auth         : auth failure: [user=zzz] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

But, from the logs I'm not getting the attacker's host. (I'm using Postfix)

Maybe there is a more "standardized" way of doing this with DenyHosts or is there an alternative?

  • 1
    Switch to dovecot for SASL instead, and trawl the dovecot logs with denyhosts. saslauthd is a pain in the b-hind. – adaptr Jan 04 '13 at 14:14

1 Answer

1

You can also use Fail2ban instead of DenyHosts. Here's a good explanation of how to do it for SMTP: http://theether.net/kb/100141

boris quiroz
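An added example, not part of the original answer or the linked article: the saslauthd lines quoted in the question carry no `rhost`, but Postfix's own smtpd log entry for a failed SASL login includes the client address, and that is the kind of line a log-watching tool such as Fail2ban has to match. The sketch below applies the same count-within-a-window logic to constructed sample lines; the `max_retry` and `find_time` parameter names, the hostnames and the addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format Postfix smtpd writes on a failed SASL login.
SAMPLE_LOG = """\
Jan  3 17:00:00 servername postfix/smtpd[10700]: warning: unknown[192.0.2.9]: SASL LOGIN authentication failed: authentication failure
Jan  3 17:20:00 servername postfix/smtpd[10711]: warning: unknown[192.0.2.9]: SASL LOGIN authentication failed: authentication failure
Jan  3 17:40:00 servername postfix/smtpd[10722]: warning: unknown[192.0.2.9]: SASL LOGIN authentication failed: authentication failure
Jan  3 17:58:39 servername postfix/smtpd[10801]: connect from unknown[203.0.113.7]
Jan  3 17:58:40 servername postfix/smtpd[10801]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan  3 17:58:41 servername postfix/smtpd[10802]: warning: mail.example.com[198.51.100.4]: SASL PLAIN authentication failed: authentication failure
Jan  3 17:58:42 servername postfix/smtpd[10801]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan  3 17:58:44 servername postfix/smtpd[10801]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan  3 17:58:45 servername postfix/smtpd[10802]: warning: mail.example.com[198.51.100.4]: SASL PLAIN authentication failed: authentication failure
Jan  3 17:58:46 servername postfix/smtpd[10801]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: [^\s\[]+\[(?P<ip>[0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed"
)

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2013):
    """Return {ip: time the threshold was reached} for clients that fail
    SASL auth max_retry times within find_time. Syslog omits the year."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())   # collapse the padded day ("Jan  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:    # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            flagged.setdefault(m["ip"], ts)  # keep the first time it tripped
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The slow client at 192.0.2.9 fails three times but never within one window, so only the burst from 203.0.113.7 is flagged with the default settings.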