possible SMTP attack
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Sat Jul 31 18:59:35 UTC 2004
Olga wrote:
>Hi,
>
>I got this message in the logwatch sent to root:
>
>
>Client quit before communicating:
> 222.183.141.253 : 1 Time(s)
>
>**Unmatched Entries**
> [222.183.141.253]: possible SMTP attack: command=AUTH, count=6: 1 Time(s)
>
>
>What does it mean? How can I protect my server against SMTP attacks?
>
>Thank you.
>
>Olga
>
>
>
>
Besides firewalling this IP, nothing much..... Dont know what kind of
attack is it , but maybe limiting AUTH to secure channels can stop it
(if the attacker dont have tools that support TLS). In postfix you have
the option to only allow the use of the AUTH command if TLS is being
used. Dont know if sendmail can do the same thing though...
The only downside (which isnt in fact a downside) is that your users
will have to use TLS , but this way you gain in terms of security...
They'll have a bit of headache if your certificates are self-signed ,
but that's easy to overcome that...
--
Pedro Macedo
More information about the fedora-list
mailing list