On Tue, Jan 12, 2016 at 08:25:53AM -0800, Richard Doyle wrote:
> > (I believe it's not even trying to send mail, but instead is trying
> > a brute force SMTP AUTH attack.)
> This works for me. In acl_smtp_auth:
> drop condition = ${if match{$sender_helo_name}{ylmf-pc}{yes}{no}}
Don't even advertise AUTH to potential abusers...

# Blacklist
auth_advertise_hosts =\
  ${if and {\
      { eq {$received_port}{587}}\
      { !inlist {$sender_helo_name}\
                {ylmf-pc:other.bogus.heloname}}\
    }\
    {*}{}\
  }

or...

# Whitelist
auth_advertise_hosts =\
  ${if and {\
      { eq {$received_port}{587}}\
      { inlist {$sender_helo_name}\
               {my.golden.pc:other.golden.heloname}}\
    }\
    {*}{}\
  }

Steve
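
An added example (not from either poster, and not part of Exim): a small log tally that finds HELO names with repeated SMTP AUTH failures and emits them as the colon-separated list used in the blacklist above. The log lines are constructed and their wording is assumed to match Exim's "authenticator failed" main-log entries; the function names, the threshold and the safe-character rule are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IPs); format is an assumption.
SAMPLE_LOG = """\
2016-01-12 08:25:01 plain_login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=info)
2016-01-12 08:25:03 plain_login authenticator failed for (ylmf-pc) [192.0.2.10]: 535 Incorrect authentication data (set_id=admin)
2016-01-12 08:25:09 plain_login authenticator failed for (ylmf-pc) [198.51.100.7]: 535 Incorrect authentication data (set_id=test)
2016-01-12 08:26:40 plain_login authenticator failed for (my.golden.pc) [203.0.113.5]: 535 Incorrect authentication data (set_id=alice)
2016-01-12 08:27:02 plain_login authenticator failed for (x}{*) [192.0.2.99]: 535 Incorrect authentication data (set_id=a)
2016-01-12 08:27:03 plain_login authenticator failed for (x}{*) [192.0.2.99]: 535 Incorrect authentication data (set_id=b)
2016-01-12 08:27:04 plain_login authenticator failed for (x}{*) [192.0.2.99]: 535 Incorrect authentication data (set_id=c)
"""

FAILED = re.compile(
    r"authenticator failed for (?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]")
# The HELO name is client-controlled. Only names made of these characters are
# pasted into the config, so ':' (list separator) and '$', '{', '}'
# (expansion syntax) can never reach an Exim list.
SAFE_HELO = re.compile(r"[A-Za-z0-9._-]+")

def tally(log_text):
    """Map HELO name -> failure count and the set of source IPs."""
    stats = defaultdict(lambda: {"failures": 0, "ips": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            stats[m["helo"]]["failures"] += 1
            stats[m["helo"]]["ips"].add(m["ip"])
    return dict(stats)

def blacklist_candidates(log_text, min_failures=3, keep=()):
    """Return (names safe to list, names needing manual review)."""
    safe, review = [], []
    for helo, s in tally(log_text).items():
        if s["failures"] < min_failures or helo in keep:
            continue
        (safe if SAFE_HELO.fullmatch(helo) else review).append(helo)
    return sorted(safe), sorted(review)

def exim_list(names):
    """Join names into the colon-separated form used with inlist."""
    return ":".join(names)

if __name__ == "__main__":
    names, review = blacklist_candidates(SAMPLE_LOG, keep={"my.golden.pc"})
    print("inlist candidates:", exim_list(names))
    print("review by hand:", review)
```

Names in the review list were seen often enough to qualify but contain characters that would change the meaning of the list or the expansion, so they are reported rather than written into the configuration.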