Author Topic: Mailserver hacking attempts increased quite a bit  (Read 699 times)

0 Members and 1 Guest are viewing this topic.

Offline bingo600Topic starter

  • Super Contributor
  • ***
  • Posts: 1963
  • Country: dk
Mailserver hacking attempts increased quite a bit
« on: July 29, 2023, 12:28:11 pm »
My Fail2Ban is currently banning 200+ unsuccesful maillogin attempts per day, on my server.
That's a huge increase that has occurred, during the last 2 month or so.

Nothing to do about it  :--

Glad i have fail2ban installed  :-+ :-+

/Bingo
 

Offline bitwelder

  • Frequent Contributor
  • **
  • Posts: 959
  • Country: fi
Re: Mailserver hacking attempts increased quite a bit
« Reply #1 on: July 31, 2023, 06:23:40 am »
"maillogin" i.e. somebody trying to authenticate on it to send (likely) spam around the 'net ?

But yes, fail2ban is often quite essential if one has to keep a server exposed
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 7643
  • Country: de
  • A qualified hobbyist ;)
Re: Mailserver hacking attempts increased quite a bit
« Reply #2 on: August 04, 2023, 02:36:06 pm »
A few weeks back some botnet started running a new spam method. They are performing RCPT flooding, i.e. one email with 100 receipients (random names from a list, same domain). At first I set up an increasing delay (below the TCP timeout) for each RCPT, causing the bots being kept busy for several hours. >:D Then I switched to a filter rule which responds with an error after a few failed RCPTs. Around last weekend there was an aggressive classic SPAM compaign.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf