Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] defending a personal server from attacks


I had the following in a logwatch log in a server I have connected to the internet

--------------------- postfix Begin ------------------------

SASL Authentication failed from: 1 Host(s), 398 Time(s)
Too many errors in SMTP commands dialog: 1 Command(s), 290 Time(s)
---------------------- postfix End -------------------------

Checking at the /var/log/maillog, have these messages repeated lots of times:

postfix/smtpd[310]: warning: hostname verification failed: Name or service not known
 postfix/smtpd[310]: connect from unknown[]
 postfix/smtpd[310]: warning: unknown[]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
 last message repeated 12 times
 last message repeated 7 times
 postfix/smtpd[310]: too many errors after AUTH from unknown[]
 postfix/smtpd[310]: disconnect from unknown[]

from the time of the logs (not shown) this attack lasted several hours. Yesterday logs show something similar going on from several hours, but from a different IP.

What would be the recommended way to protect from this? manually modify the firewall (iptables) to block the attacker IP address(es)? Can this can be reported somewhere?
As this is a personal (hosted) server, I am not able to use expensive software/hw/tools.

Thank you,

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links