Postfix brute force attack on port 25...


edg973
Dear Postfix users,

I manage a Postfix server (version 2.5.5).

I set fail2ban to stop brute force attacks on port 25 for Postfix (and the auth command).

Today there are lots of IPs banned for Postfix... many more than usual... (see my log.txt)

Port 25 is set on my server to not allow SASL authentication...

I do not know how to stop this...

Otherwise in the logs, there are many entries like this one:

postfix/smtpd[32347]: warning: TLS library problem: 32347:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293:
I deactivated support for SSL3 in the Postfix configuration... Is it related?


Best Regards,

Ed






Attachments: postconf.txt (31K), log.txt (4K)

Re: Postfix brute force attack on port 25...

Viktor Dukhovni
On Wed, Mar 13, 2019 at 02:40:41PM -0300, Edouard Guigné wrote:

> Today there are lots of IPs banned for Postfix... many more than
> usual... (see my log.txt)

There is no evidence of brute-force SASL attacks in the logs.

> Otherwise in the logs, there are many entries like this one:
>
> *postfix/smtpd[32347]: warning: TLS library problem:
> 32347:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:293:*
> I deactivated support for SSL3 in the Postfix configuration... Is it related?

These happen from time to time.  If you're getting the email you
expect, these can be ignored.

> 2bounce_notice_recipient = postmaster
> ...

[ Please post "postconf -n" output, not "postconf" ]

> smtp_tls_mandatory_protocols = TLSv1

This is a bad idea, instead: "!SSLv2, !SSLv3".  This should work
even with your 11-year old Postfix 2.5, though frankly an upgrade
is long overdue.

> smtpd_tls_mandatory_protocols = TLSv1

    Change to: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

> Mar 13 14:14:20  postfix/smtpd[31593]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support

Fix this.  If you don't enable SASL, don't use restrictions that
require SASL.

--
        Viktor.
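
A small audit of the two configuration problems raised in the reply above, as an added example (not code from the thread or from Postfix): it reads `postconf -n` style text and flags TLS protocol parameters pinned to named protocols, and SASL-dependent restrictions set while `smtpd_sasl_auth_enable` is not `yes`. The function names, the sample input and the inclusion of `reject_sender_login_mismatch` are assumptions; per-service overrides in master.cf are not considered.

```python
import re

# Parameters and recommended value are the ones discussed in the thread.
TLS_PARAMS = ("smtp_tls_mandatory_protocols", "smtpd_tls_mandatory_protocols")
RECOMMENDED = "!SSLv2, !SSLv3"
# The first name is from the thread's log line; the second is a related Postfix
# restriction, assumed here to depend on SASL in the same way.
SASL_RESTRICTIONS = {"reject_authenticated_sender_login_mismatch",
                     "reject_sender_login_mismatch"}

def parse_postconf(text):
    """Parse 'name = value' lines, joining indented continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and line.strip() and last:
            params[last] += " " + line.strip()
        elif "=" in line and not line.startswith("#"):
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(params):
    """Return one finding string per problem of the two kinds described above."""
    findings = []
    for name in TLS_PARAMS:
        tokens = [t for t in re.split(r"[,:\s]+", params.get(name, "")) if t]
        # A token without '!' (or a >=/<= bound) names the only protocols allowed.
        pinned = [t for t in tokens if not t.startswith(("!", ">=", "<="))]
        if pinned:
            findings.append(f"{name}: pinned to {', '.join(pinned)}; use {RECOMMENDED}")
    if params.get("smtpd_sasl_auth_enable", "no").lower() == "yes":
        return findings
    for name, value in params.items():
        if name.endswith("_restrictions"):
            for token in re.split(r"[,\s]+", value):
                if token in SASL_RESTRICTIONS:
                    findings.append(f"{name}: {token} needs SASL, which is not enabled")
    return findings

# Constructed sample, modelled on the settings quoted in the thread.
SAMPLE = """\
smtp_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_protocols = TLSv1
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
    permit_mynetworks
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_postconf(SAMPLE))))
```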