4

There are numerous attempts to connect to my mail server in order to send mail either unauthenticated or to guess username and password to, I suppose, accomplish the same.

Should I fight against that, just like in ssh case, and how?

Just a note: I have bad experience with fail2ban.

Miloš Đakonović
  • 640
  • 3
  • 9
  • 28

2 Answers2

3

Postfix has a built-in option to create a "tar pit", i.e. to slow down when a client triggers too many errors. Both the delay used and how many errors are required to trigger the delay are configurable.

The configuration options you want to look at is smtpd_error_sleep_time. Exactly how to configure it depends on which postfix version you're using, but the link gives information about it.

In addition to this, you may want to use some of the publicly available IP-based blacklists. A list of commonly used blacklists is available at the Spamhaus project, with advisories on how to use them.

Jenny D
  • 27,358
  • 21
  • 74
  • 110
  • I was looking for non third-party solution either something like iptables or something similar - smtpd_error_sleep_time is just what fits. Thank you. – Miloš Đakonović Mar 14 '14 at 10:41
  • NickW mentioned greylisting; there's information about that at http://postgrey.schweikert.ch/ . It does require some add-ons, though. – Jenny D Mar 14 '14 at 10:42
  • Ok, final point is that we cannot stop them from trying (and consuming our CPU cycles too, but that's something other), we just can make their effort totally pointless from aspect of success and harmless to us ? – Miloš Đakonović Mar 14 '14 at 10:48
  • To stop them from trying, you would need some sort of IP-based blacklist that stops them from connecting in the first place. So either fail2ban or one or more RBLs, or both. – Jenny D Mar 14 '14 at 11:03
2

Fail2ban will work, but you can actually find that a lot of blacklists are available, for example the OpenBL list, I also found that greylisting was fairly effective against the unauthenticated bots, although not a panacea by itself.

NickW
  • 10,183
  • 1
  • 18
  • 26