Re: [exim] Closing off Port to non-SSL traffic

Author: Slavko
Date:  
To: 'Mailing List'
Subject: Re: [exim] Closing off Port to non-SSL traffic
On 23 June 2022 22:15:48 UTC, Sebastian Nielsen via Exim-users <exim-users@???> wrote:

>I solved that with:
>auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : ::::1


This helps only for a single-user MTA; my real users connect even from
multiple countries...

>2022-06-10 23:50:20 SMTP protocol error in "AUTH LOGIN" H=(User)
>[45.85.190.59] AUTH command used when not advertised


That is pretty simple, just add this IP to the firewall's DROP. To automate
its banning, use fail2ban. But be aware that they will often try from
another IP soon. I have 100 - 800 different IPs per day, most of them
have only one attempt allowed here; it is some thousands of IPs in the last
24 days (maximum ipset timeout) from the whole world.

I am happy that I decided a long time ago to separate the MX & MSA roles
even for my small email system, which allows me to simply reject
"EHLO User" (and other strict rules) on the MX's port 25, which are common
on MSA.

regards

Slavko
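
The log-driven banning discussed in this message, as an added example that is not part of the original post or anyone's actual fail2ban setup: it picks the client address out of "AUTH command used when not advertised" lines and lists the addresses to ban after a configurable number of attempts. The names offending_ip, ban_candidates and NEVER_BAN, the one-attempt default, and every sample line except the first are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Exim mainlog line as quoted in the thread; a host name before the HELO and ":port" are optional.
AUTH_NOT_ADVERTISED = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'SMTP protocol error in "AUTH[^"]*" '
    r'H=(?:[^\s(]\S* )?(?:\((?P<helo>[^)]*)\) )?'
    r'\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)?'
    r'.*? AUTH command used when not advertised$'
)

# Assumption: never ban the hosts named in the quoted auth_advertise_hosts setting.
NEVER_BAN = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "127.0.0.1/32", "::1/128")]


def offending_ip(line):
    """Return the client address if the line is an unadvertised-AUTH error, else None."""
    m = AUTH_NOT_ADVERTISED.match(line.strip())
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # bracketed text was not a valid address; ignore the line


def ban_candidates(lines, max_attempts=1):
    """Addresses with at least max_attempts matching lines, excluding NEVER_BAN."""
    hits = Counter()
    for line in lines:
        ip = offending_ip(line)
        if ip is not None and not any(ip in net for net in NEVER_BAN):
            hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= max_attempts}


# First line is the one from the thread; the rest are constructed samples.
SAMPLE_LOG = [
    '2022-06-10 23:50:20 SMTP protocol error in "AUTH LOGIN" H=(User) [45.85.190.59] AUTH command used when not advertised',
    '2022-06-10 23:51:02 SMTP protocol error in "AUTH LOGIN" H=mail.example.net (User) [192.0.2.10]:51234 AUTH command used when not advertised',
    '2022-06-10 23:51:40 SMTP protocol error in "AUTH PLAIN" H=(laptop) [192.168.1.20] AUTH command used when not advertised',
    '2022-06-10 23:52:11 SMTP connection from (User) [198.51.100.7] lost while reading message data',
    '2022-06-10 23:53:00 SMTP protocol error in "AUTH LOGIN" H=(User) [192.0.2.10] AUTH command used when not advertised',
]

if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG))
```

The same regular expression, with the address group replaced by fail2ban's <HOST> tag, is the shape a failregex for these lines would take.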