[CentOS] Sendmail SMTP Brute-Force Attack

Fri Jun 15 17:04:38 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Shiv. Nath wrote:
> On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
>> Dear CentOS Community
>> It is totally clear there's no support for the sendmail platform today, but I need
>> to stop an SMTP brute-force attack on sendmail. My server is attacked today,
>> my maillog looks like:
>> 4624 at myserver.com>, proto=ESMTP, daemon=MTA, relay=myserver.com
>> []
>> Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>,
>> size=3958,
>> class=0, nrcpts=1, msgid=<201206142307.q5EN710u024623 at myserver.com>,
>> proto=ESMTP, daemon=MTA, relay=myserver.com []
>> I need help to STOP these spammers right now.
> There are a few solutions available to do this.
> 1.) install & configure fail2ban
> 2.) Using IP Tables: I don't know if it is applicable to you
I strongly encourage you to use fail2ban. Which, btw, rewrites iptables
rules on the fly....

Speaking of which... are other folks seeing a low-level (that is, hit, try
later, hit, try later, etc, over weeks, rather than trytrytrytrytrytrytry
in one shot) from
inetnum: -
netname:         Donekoserv
descr:           DonEkoService Ltd
country:         RU

This is explicitly against PMA, which I gather, is apache-pma.
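
The difference between a one-shot burst and the low-level "hit, try later" pattern described above, as an added example that is not part of the original thread: a per-IP threshold in the style of fail2ban's `maxretry`/`findtime` options, run once with a short window and once with a long one. The log line shape, the host name `mailhost` and the documentation-range IPs are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: syslog timestamp, host, sendmail[pid], queue id, then
# "[ip] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA".
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[\d+\]: \w+: .*?\[([\d.]+)\] did not issue MAIL"
)

def parse(lines, year=2012):
    """Yield (timestamp, ip) per matching line; syslog omits the year."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def banned(lines, maxretry, findtime):
    """Return IPs with at least maxretry hits inside a findtime-long window."""
    recent = defaultdict(deque)
    out = set()
    for ts, ip in sorted(parse(lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > findtime:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= maxretry:
            out.add(ip)
    return out

def sample_lines():
    """Constructed sample: one burst source and one low-and-slow source."""
    fmt = ("{:%b %d %H:%M:%S} mailhost sendmail[24627]: q5EN71jC024627: "
           "[{}] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA")
    start = datetime(2012, 6, 10, 19, 0, 0)
    # Five hits ten seconds apart from one address.
    burst = [fmt.format(start + timedelta(seconds=10 * i), "192.0.2.10") for i in range(5)]
    # Five hits one day apart from another address.
    slow = [fmt.format(start + timedelta(days=i), "198.51.100.7") for i in range(5)]
    return burst + slow

if __name__ == "__main__":
    lines = sample_lines()
    print("10-minute window:", sorted(banned(lines, 5, timedelta(minutes=10))))
    print("7-day window:    ", sorted(banned(lines, 5, timedelta(days=7))))
```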