Code: Select all
LF_EMAIL_ALERT = "0"Search found 3 matches
- 04 Feb 2016, 12:24
- Forum: General Discussion (csf)
- Topic: saslauthd dictionary attack on sendmail
- Replies: 6
- Views: 7628
Re: saslauthd dictionary attack on sendmail
I think this is controlled by:
in /etc/csf/csf.conf
- 11 May 2013, 17:44
- Forum: General Discussion (csf)
- Topic: saslauthd dictionary attack on sendmail
- Replies: 6
- Views: 7628
Re: saslauthd dictionary attack on sendmail
Actually, it is working (it was my testing method that was suspect, it seems). I've increased the block time to an hour now: if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^(\S+|\S+\s+\d+\s+\S+) (\S+ )?sendmail\[\d+\]: (\S+): \[(\d+\.\d+\.\d+\.\d+)] did not issue MAIL\/EXPN\/VRFY\/ETRN during ...
- 10 May 2013, 13:12
- Forum: General Discussion (csf)
- Topic: saslauthd dictionary attack on sendmail
- Replies: 6
- Views: 7628
Re: saslauthd dictionary attack on sendmail
I used a regex to look for multiple "did not issue MAIL/EXPN/VRFY/ETRN" when I used to use fail2ban. It works very well for sendmail where the IP address isn't recorded by saslauthd (See bugzilla.redhat .com/show_bug.cgi?id=683797, comments.gmane .org/gmane.comp.security.cyrus.sasl/7027). ...