« previous next »
Pages: [1]   Go Down

Author Topic: Mailserver hacking attempts increased quite a bit  (Read 786 times)

0 Members and 1 Guest are viewing this topic.

Offline bingo600Topic starter

  • Super Contributor
  • ***
  • Posts: 1989
  • Country: dk
Mailserver hacking attempts increased quite a bit
« on: July 29, 2023, 12:28:11 pm »
My Fail2Ban is currently banning 200+ unsuccesful maillogin attempts per day, on my server.
That's a huge increase that has occurred, during the last 2 month or so.

Nothing to do about it  :--

Glad i have fail2ban installed  :-+ :-+

/Bingo
Logged
 

Offline bitwelder

  • Frequent Contributor
  • **
  • Posts: 967
  • Country: fi
Re: Mailserver hacking attempts increased quite a bit
« Reply #1 on: July 31, 2023, 06:23:40 am »
"maillogin" i.e. somebody trying to authenticate on it to send (likely) spam around the 'net ?

But yes, fail2ban is often quite essential if one has to keep a server exposed
Logged
 

Online madires

  • Super Contributor
  • ***
  • Posts: 7766
  • Country: de
  • A qualified hobbyist ;)
Re: Mailserver hacking attempts increased quite a bit
« Reply #2 on: August 04, 2023, 02:36:06 pm »
A few weeks back some botnet started running a new spam method. They are performing RCPT flooding, i.e. one email with 100 receipients (random names from a list, same domain). At first I set up an increasing delay (below the TCP timeout) for each RCPT, causing the bots being kept busy for several hours. >:D Then I switched to a filter rule which responds with an error after a few failed RCPTs. Around last weekend there was an aggressive classic SPAM compaign.
Logged
 
Pages: [1]   Go Up
« previous next »

Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf

 


EEVblog Main Site EEVblog on Youtube EEVblog on Twitter EEVblog on Facebook EEVblog on Odysee