Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: blocking postfix SASL hacking attempts

  1. #11
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    14,950
    Distro
    Kubuntu 20.04 Focal Fossa

    Re: blocking postfix SASL hacking attempts

    Quote Originally Posted by robbo007 View Post
    Thanks I was going to do something like this next until I can get fail2ban working correctly. I don't want to start blocking too much of a subnet just in case I need real traffic from there. I see im the time I've blocked those IP ranges they are now using more. God these guys are persistent.
    You can just block port 25 and leave everything else untouched.
    Code:
    sudo iptables -I INPUT -p tcp --dport 25 -s 185.143.73.0/24 -j REJECT
    sudo iptables -I INPUT -p tcp --dport 25 -s 45.142.195.0/24 -j REJECT
    sudo iptables -I INPUT -p tcp --dport 25 -s 46.38.144.0/24 -j REJECT
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  2. #12
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,847
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: blocking postfix SASL hacking attempts

    Does UFW have some GeoIP block option? Seems like that is what is needed.

  3. #13
    Join Date
    May 2020
    Beans
    6

    Re: blocking postfix SASL hacking attempts

    Right I've got fail2ban working and its blocking the **** who keeps attacking.. I think this is now going to work I don't know why fail2ban was not working. Seemed it was not loading for some reason. Its now responding.

    Status for the jail: sasl
    |- Filter
    | |- Currently failed: 0
    | |- Total failed: 15
    | `- File list: /var/log/mail.log
    `- Actions
    |- Currently banned: 3
    |- Total banned: 3
    `- Banned IP list: 185.143.75.81 185.143.75.157 45.142.195.7

  4. #14
    Join Date
    Sep 2014
    Location
    United States
    Beans
    254
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: blocking postfix SASL hacking attempts

    So all you did was enable it? Glad to hear it's working. Good job.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •