Shiv. Nath wrote:
On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
Dear CentOS Community
Is totally clear there's no support sendmail platform today, but I need to stop SMTP brute-force attack on sendmail. My server is attacked today, my maillog look like :
4624@myserver.com>, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1] Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>, size=3958, class=0, nrcpts=1, msgid=201206142307.q5EN710u024623@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
<snip>
I need help for STOP this spamers right now.
there are few solutions available to do this.
1.) install & configure fail2ban
2.) Using IP Tables: i don't know if it is applicable to you
<snip> I strongly encourage you to use fail2ban. Which, btw, rewrites iptables rules on the fly....
Speaking of which... are other folks seeing a low-level (that is, hit, try later, hit, try later, etc, over weeks, rather than trytrytrytrytrytrytry in one shot) from inetnum: 91.201.64.0 - 91.201.67.255 netname: Donekoserv descr: DonEkoService Ltd country: RU
This is explicitly against PMA, which I gather, is apache-pma.
mark