I've got Authenticated relaying enabled. Any IP I put in Block hosts still gets through and I get warning mails about failed authentication. What to do?
doing some more tests on that blackhole dnat topic cause my site (with relay smtp auth needed) is permanently attacked..
dnat blackhole is running for me now, and the packets are not going into the smtp-proxy so no smtp auth is initiated.. (so no more dictionary attack)
what i did:
nothing special, 3 dnat rules (for our 3 public IPs) no automatic firewall ruie in the dnats, a firewall rule at first position which fetches the natted blackhole traffic and drops it.
it works now.. no more failed logins in user authentication daemon.. so no more packets to the smtp-proxy from the unwanted hosts
and in firewall log the nat rule and the packet filter rule appears which drops packet :-)
doing some more tests on that blackhole dnat topic cause my site (with relay smtp auth needed) is permanently attacked..
dnat blackhole is running for me now, and the packets are not going into the smtp-proxy so no smtp auth is initiated.. (so no more dictionary attack)
what i did:
nothing special, 3 dnat rules (for our 3 public IPs) no automatic firewall ruie in the dnats, a firewall rule at first position which fetches the natted blackhole traffic and drops it.
it works now.. no more failed logins in user authentication daemon.. so no more packets to the smtp-proxy from the unwanted hosts
and in firewall log the nat rule and the packet filter rule appears which drops packet :-)
