[CentOS] Sendmail SMTP Brute-Force Attack

m.roth at 5-cent.us

Fri Jun 15 17:04:38 UTC 2012


Shiv. Nath wrote:
> On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
>> Dear CentOS Community
>>
>> It is totally clear there's no support for the sendmail platform today, but I need
>> to stop an SMTP brute-force attack on sendmail. My server is attacked today,
>> my maillog looks like:
>>
>> 4624 at myserver.com>, proto=ESMTP, daemon=MTA, relay=myserver.com
>> [127.0.0.1]
>> Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>,
>> size=3958,
>> class=0, nrcpts=1, msgid=<201206142307.q5EN710u024623 at myserver.com>,
>> proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
<snip>
>> I need help to STOP these spammers right now.
>
> there are few solutions available to do this.
>
> 1.) install & configure fail2ban
>
> 2.) Using IP Tables: i don't know if it is applicable to you
<snip>
I strongly encourage you to use fail2ban. Which, btw, rewrites iptables
rules on the fly....

Speaking of which... are other folks seeing a low-level (that is, hit, try
later, hit, try later, etc, over weeks, rather than trytrytrytrytrytrytry
in one shot) from
inetnum:         91.201.64.0 - 91.201.67.255
netname:         Donekoserv
descr:           DonEkoService Ltd
country:         RU

This is explicitly against PMA, which I gather, is apache-pma.

        mark
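
The low-and-slow pattern described in the message above (a few hits from one netblock, spread over weeks) stays under any per-address threshold that is counted inside a short window, so one way to surface it is to group requests by netblock and count distinct days. This is an added example, not part of the original thread: the log lines are constructed, and the `/pma` and `/phpmyadmin` path markers, the common-log line format and the function name are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (Apache common-log style); not taken from the thread.
SAMPLE_LOG = """\
91.201.64.7 - - [01/Jun/2012:03:12:09 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 291
203.0.113.5 - - [02/Jun/2012:08:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024
91.201.65.20 - - [04/Jun/2012:21:40:51 +0000] "GET /pma/index.php HTTP/1.1" 404 291
198.51.100.9 - - [05/Jun/2012:10:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 291
198.51.100.9 - - [05/Jun/2012:10:00:02 +0000] "GET /phpMyAdmin/ HTTP/1.1" 404 291
198.51.100.9 - - [05/Jun/2012:10:00:03 +0000] "GET /pma/ HTTP/1.1" 404 291
91.201.66.3 - - [09/Jun/2012:14:02:33 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 291
203.0.113.5 - - [10/Jun/2012:08:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024
91.201.64.7 - - [13/Jun/2012:05:55:10 +0000] "GET /PMA/index.php HTTP/1.1" 404 291
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
# Assumption: the probes request paths containing one of these markers.
PMA_MARKERS = ("/pma", "/phpmyadmin")

def slow_probers(log_text, prefix=22, min_days=3):
    """Return (netblock, distinct_days, hits, distinct_hosts) for blocks seen on >= min_days days."""
    days, hosts, hits = defaultdict(set), defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, path = m.groups()
        if not any(marker in path.lower() for marker in PMA_MARKERS):
            continue
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            day = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").date()
        except ValueError:
            continue  # hostname instead of an address, or an unparsable timestamp
        days[net].add(day)
        hosts[net].add(ip)
        hits[net] += 1
    return sorted(
        (str(n), len(d), hits[n], len(hosts[n])) for n, d in days.items() if len(d) >= min_days
    )

if __name__ == "__main__":
    for net, ndays, nhits, nhosts in slow_probers(SAMPLE_LOG):
        print(f"{net}: {nhits} probes from {nhosts} hosts across {ndays} days")
```

In the constructed sample the single-day burst from 198.51.100.9 is the kind of traffic a short-window counter catches, while the /22 is only visible once hits are summed per netblock across days.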



