Security Incidents mailing list archives

Re: Bruteforce attack against smtp-auth


From: mgotts () 2roads com
Date: Wed, 10 Jan 2007 10:14:22 -0800

> This day I've seen that somebody from China had tried to get an SMTP
> login on a server. This was the first time I've seen something like
> this; bruteforce against SSH I've seen often, but never against the
> mailserver. Now I'm interested in whether there are more people out there
> with similar experience, and is there a suggestion to deal with this kind
> of hack?

I've not experienced this myself, since we don't use SMTP Auth, but it has 
been going on for years. I did a quick Google search on "smtp auth attack" 
and found lots of relevant hits, including how to secure a Postfix mail 
server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt), 
a general description of the problem and some simple countermeasures
(http://www.vamsoft.com/authattack.asp), etc.

I did have to allow smtp relays for a remote office some years ago, and in 
addition to implementing smtp auth I also restricted relaying to 
particular IPs and/or subnets. Not a perfect solution, but it prevents any 
attacks on the smtp auth mechanism from outside those IPs.

-- Mark
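
One way to spot the activity discussed in this thread, as an added example that is not part of the original message: count SMTP AUTH failures per source address in a sliding window and report sources outside the networks allowed to relay. The Postfix-style log format, the trusted subnet, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: Postfix-style smtpd warnings; other MTAs log failures differently.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\swarning:\s"
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]:\sSASL\s\S+\sauthentication failed")

# Hypothetical networks allowed to relay (documentation address range).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=10), year=2007):
    """Map each untrusted IP to its peak failure count within one window,
    keeping only IPs that reached the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or is_trusted(m["ip"]):
            continue
        # Syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def fail_line(hms, ip):
    # Builds one constructed log line; host name and PID are made up.
    return (f"Jan 10 {hms} mx1 postfix/smtpd[4121]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = (
    [fail_line(f"03:12:{s:02d}", "203.0.113.77") for s in range(0, 36, 6)]  # burst
    + [fail_line(f"09:00:{s:02d}", "192.0.2.10") for s in range(0, 36, 6)]  # trusted
    + [fail_line("11:30:05", "198.51.100.4"), fail_line("11:41:10", "198.51.100.4")]
    + ["Jan 10 11:42:00 mx1 postfix/smtpd[4121]: connect from unknown[198.51.100.4]"]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```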

