blocking access to saslauthd

Patrick Ben Koetter p at state-of-mind.de
Sat May 16 01:51:19 EDT 2009


* Russell Bell <russellbell at gmail.com>:
>      Quoth Dan White:  'Are you asking how to block all access to your
> server except for port 25?
> Could you clarify what activities you are trying to prevent?'
> 
> These entries,
> 
> May 10 04:10:44 monolake vsftpd: pam_succeed_if(vsftpd:auth): error
> retrieving information about user Administrator
> May 10 04:10:44 monolake vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
> May 10 04:10:44 monolake vsftpd: pam_unix(vsftpd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ftp ruser=Administrator
> rhost=219.232.225.213
> 
> of which I am finding tens of thousands daily in /var/log/secure.

Use fail2ban <http://www.fail2ban.org/wiki/index.php/Main_Page>.

p at rick

-- 
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitely
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


More information about the Cyrus-sasl mailing list