Other Blocking domain and all its subdomains

Something is playing around with my SMTPD (Postfix). I got my log full with things like:
Code:
connect from s15435057.onlinehome-server.com[74.208.73.121]
lost connection after AUTH from s15435057.onlinehome-server.com[74.208.73.121]
So what I would like to do is block everything that comes from onlinehome-server.com and *.onlinehome-server.com. I was initially thinking about /etc/hosts.allow or PF.

I know I can do smtpd_client_restrictions on the Postfix side, but that's not the same, plus it won't prevent my log being filled with crap.

What is the "handbook" way of doing this?
 
You may want to have a look at security/py-fail2ban. This looks like a brute-force attempt, and blocking this particular one won't help much; another will come in shortly after that. You will need to use some automated process that looks for failed attempts and blocks those for an hour or so.
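
The approach suggested in the reply (count failed attempts per client, then block for about an hour), sketched as an added example that is not part of the thread and is not fail2ban's own code. The thresholds, the year, the sample log and the PF table name `smtp_abuse` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of the log lines quoted in the thread;
# timestamps, PIDs, the "mx" hostname and 192.0.2.10 are made up.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[811]: connect from s15435057.onlinehome-server.com[74.208.73.121]
Mar  3 10:00:03 mx postfix/smtpd[811]: lost connection after AUTH from s15435057.onlinehome-server.com[74.208.73.121]
Mar  3 10:00:40 mx postfix/smtpd[812]: lost connection after AUTH from s15435057.onlinehome-server.com[74.208.73.121]
Mar  3 10:01:10 mx postfix/smtpd[815]: lost connection after AUTH from unknown[192.0.2.10]
Mar  3 10:02:15 mx postfix/smtpd[813]: lost connection after AUTH from s15435057.onlinehome-server.com[74.208.73.121]
Mar  3 10:45:00 mx postfix/smtpd[820]: lost connection after AUTH from unknown[192.0.2.10]
Mar  3 10:46:00 mx postfix/smtpd[821]: lost connection after AUTH from unknown[192.0.2.10]
""".splitlines()

AUTH_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*postfix/smtpd\[\d+\]: "
    r"lost connection after AUTH from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10),
                   ban_time=timedelta(hours=1), year=2024):
    """Return {ip: (banned_at, ban_expires)} for clients that hit max_retry
    failed AUTH sessions within find_time. Thresholds are assumptions."""
    recent = defaultdict(list)   # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        m = AUTH_FAIL.match(line)
        if not m:
            continue             # "connect from" and other lines are ignored
        # Classic syslog timestamps carry no year, so one is supplied.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        recent[ip] = [t for t in recent[ip] if ts - t <= find_time] + [ts]
        if len(recent[ip]) >= max_retry and ip not in bans:
            bans[ip] = (ts, ts + ban_time)
    return bans

def pf_commands(bans, table="smtp_abuse"):
    """Render pfctl commands for a PF table (table name is hypothetical)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(bans)]

if __name__ == "__main__":
    for ip, (since, until) in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} banned {since:%H:%M:%S} until {until:%H:%M:%S}")
    print("\n".join(pf_commands(find_offenders(SAMPLE_LOG))))
```

The generated commands only take effect if pf.conf declares the table and has a rule that blocks traffic from it. Matching on the client address rather than the reverse-DNS name means the ban still applies when the next attempts come from a different hostname.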
 