SMTP bruteforce

I have read many posts on this forum about preventing someone from bruteforcing SSH but can the same be done for SMTP?

Can I prevent someone from trying to bruteforce my password so that they can relay mail off my SMTP server?

Currently the only people that can relay mail off my mail server are those that authenticate (not even my internal machines can send mail without authenticating first).

I just wanted to make sure I was securing SMTP as much as I could. I suppose I could tweak my SMTP rule in pf to drop the connection after so many attempts?
 
I don't think this is something you have to worry about. I operate several mailservers and I have NEVER encountered attempts to brute force SMTP authentication. And needless to say - spammers have plenty of SMTP servers to send spam through, brute forcing SMTP auth is just a waste of time.
 
If you're using Postfix, check out anvil.

It's also possible with a firewall. For PF, the options max-src-conn and max-src-conn-rate are available. The PF FAQ has more information about it: Stateful Tracking Options. The man pages also have it: pf.conf(5).

The version of PF also varies with the version of FreeBSD you're using. For 7, PF is at OpenBSD 4.1, and 6 is at OpenBSD 3.7. The FAQs have different versions.
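
The stateful tracking options named in the reply above, put together in a pf.conf fragment. This is an added example, not a ruleset posted by anyone in the thread; the interface name, the addresses and the thresholds are assumptions to adjust for your own traffic.

```conf
# Added example for pf.conf; interface, addresses and limits are assumptions.
ext_if = "em0"                      # assumed external interface

# Sources that exceeded the limits below; filled automatically by "overload".
table <smtp_abuse> persist
# Constructed example of a known sender that should never be rate limited.
table <smtp_trusted> persist { 192.0.2.10 }

# Drop offenders before any pass rule is evaluated.
block in quick on $ext_if proto tcp from <smtp_abuse> to any port smtp

# Trusted senders bypass the limits.
pass in quick on $ext_if proto tcp from <smtp_trusted> to ($ext_if) port smtp \
    flags S/SA keep state

# Everyone else: at most 5 simultaneous connections per source address and
# at most 10 new connections per 60 seconds. A source that exceeds either
# limit is added to <smtp_abuse> and all of its existing states are flushed.
pass in on $ext_if proto tcp from any to ($ext_if) port smtp \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 10/60, overload <smtp_abuse> flush global)

# Inspect or clear the table from the shell (198.51.100.23 is a constructed
# address):
#   pfctl -t smtp_abuse -T show
#   pfctl -t smtp_abuse -T delete 198.51.100.23
```

These limits count TCP connections, not failed logins, so a legitimate client that opens many connections in a short time is blocked the same way as a password guesser. Check pf.conf(5) for the PF version your FreeBSD release ships before relying on a given option.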
 