SMTP auth & DoS filter
Posted: Wed Dec 05, 2018 9:08 am
Hello!
It seems repetitive SMTP auth failures do not trigger the DoS filter. I see a lot of messages in my zimbra.log.
But IP 49.73.158.65 is not suspended. So there is a possibility to brute-force an account password by SMTP auth. How can I prevent it?
Dec 4 12:34:17 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:19 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:23 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:27 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:30 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:33 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:37 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:40 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:41 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:43 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:45 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Where is the SASL log in Zimbra? How can I figure out which account was used for auth?
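An added example, not part of the original post: a small Python detector that parses Postfix SASL failure lines in the format shown above and reports client IPs whose failures reach a threshold inside a sliding time window. The function names, the threshold of 5, the 60-second window and the `192.0.2.10` and `connect` lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample input: the 49.73.158.65 lines are from the post; the others are constructed.
SAMPLE_LOG = """\
Dec 4 12:34:16 mail postfix/smtpd[19169]: connect from unknown[49.73.158.65]
Dec 4 12:34:17 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:19 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:20 mail postfix/smtpd[20001]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:23 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:27 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:30 mail postfix/smtpd[19745]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:34:33 mail postfix/smtpd[19169]: warning: unknown[49.73.158.65]: SASL LOGIN authentication failed: authentication failure
Dec 4 12:40:00 mail postfix/smtpd[20001]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed"
)

def parse_failures(text, year=2018):
    """Yield (timestamp, client_ip, sasl_mechanism) for each SASL failure line."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["mech"]

def find_offenders(text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak failure count in any window} for IPs reaching threshold.

    Assumes the log lines are in chronological order, as in a live syslog file.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)       # per-IP highest count seen in one window
    for ts, ip, _mech in parse_failures(text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, count in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {count} SASL failures within 60s")
```

The failure lines shown in the post carry only the client IP and the SASL mechanism, so this detector can group by source address but not by targeted account.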