Security Incidents mailing list archives
Re: Bruteforce attack against smtp-auth
From: mgotts () 2roads com
Date: Wed, 10 Jan 2007 10:14:22 -0800
this day i've seen that somebody from China had tried to get an smtp login om a server. This was the first time i've seen something like this, bruteforce against ssh i've seen often but never against the mailserver. Now i'm interresed in if there a more people out there with similar experience an is there an suggestion to deal with this way of
hacks? I've not experienced this myself, since we don't use SMTP Auth, but it has been going on for years. I did a quick Google search on "smtp auth attack" and found lots of relevant hits, including how to secure a Postfix mail server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt), a general description of the problem and some simple countermeasures ( http://www.vamsoft.com/authattack.asp), etc. I did have to allow smtp relays for a remote office some years ago, and in addition to implementing smtp auth I also restricted relaying to particular IPs and/or subnets. Not a perfect solution, but it prevents any attacks on the smtp auth mechanism from outside those IPs. -- Mark
Current thread:
- Bruteforce attack against smtp-auth Philipp Frik (Jan 09)
- Re: Bruteforce attack against smtp-auth mgotts (Jan 11)
- Re: Bruteforce attack against smtp-auth Peter Morgan (Jan 12)
- Re: Bruteforce attack against smtp-auth mgotts (Jan 11)