[plug] SMTP AUTH
Brad Campbell
brad at fnarfbargle.com
Fri Aug 25 17:00:59 AWST 2023
G'day all,
I have an exim4 server at home which behaves as our main inbound and mail spool. I currently have SMTP AUTH enabled for a single user (me) so I can send E-mail when I'm outside of the network.
Lately (last week or so), we're being hammered with SMTP AUTH attacks. They're either coming from a botnet or using spoofed addresses because they never use the same address twice (which makes fail2ban and the like pretty useless).
Temporarily I've disabled AUTH while I have a think about it. I'm not worried about them getting in; there's one non-obvious username and a very complex password. I just found that by removing AUTH from the server, the botnet goes away pretty quickly and the probes stop.
To pair with Exim4 I use Dovecot. I had originally thought about the old POP/IMAP before SMTP auth trick, and Dovecot makes this easy as I can write a bit of automation to allow relaying from any address that has a current Dovecot session.
This sounded like a good idea until I had a look at the logs, and of course most of my external traffic comes from behind various CGNAT systems. I realise the risk is pretty low that someone is going to try and relay from behind the same address I'm currently on, but it did give me pause.
Is anyone using something more than basic SMTP AUTH?
Regards,
Brad
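
The automation described in the message above, as an added example that is not part of the original post: a Python sketch that turns recent successful Dovecot logins into a list of addresses allowed to relay. The log line format, the 30-minute window standing in for "current session", the user name and all sample lines are assumptions; wiring the output into Exim is not shown.

```python
import re
from datetime import datetime, timedelta

# Assumed Dovecot syslog format for a successful login:
#   <ts> <host> dovecot: imap-login: Login: user=<name>, method=..., rip=<addr>, ...
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:imap|pop3)-login: "
    r"Login: user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9a-fA-F.:]+),"
)

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Aug 25 16:10:02 mail dovecot: imap-login: Login: user=<brad>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, mpid=4101, TLS, session=<a1>
Aug 25 16:55:40 mail dovecot: imap-login: Login: user=<brad>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.1, mpid=4188, TLS, session=<b2>
Aug 25 16:56:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=192.0.2.200, lip=192.0.2.1, TLS, session=<c3>
Aug 25 16:58:30 mail dovecot: pop3-login: Login: user=<brad>, method=PLAIN, rip=2001:db8::5, lip=192.0.2.1, mpid=4190, TLS, session=<d4>
Aug 25 16:59:05 mail dovecot: imap-login: Login: user=<guest>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.1, mpid=4193, TLS, session=<e5>
"""

def recent_login_hosts(log_text, now, window=timedelta(minutes=30), allowed_users=("brad",)):
    """Return sorted remote addresses with a successful login inside the window."""
    hosts = set()
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        # Failed logins do not match the pattern; other users are skipped here.
        if not m or m["user"] not in allowed_users:
            continue
        # Syslog timestamps carry no year: assume the current one, or the
        # previous one if that would put the entry in the future.
        ts = datetime.strptime(f"{now.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts > now:
            ts = ts.replace(year=now.year - 1)
        if now - ts <= window:
            hosts.add(m["rip"])
    return sorted(hosts)

if __name__ == "__main__":
    now = datetime(2023, 8, 25, 17, 0, 59)
    print("\n".join(recent_login_hosts(SAMPLE_LOG, now)))
```

The result authorises an address rather than a user, so every client behind the same CGNAT address is covered by the same entry for as long as the window lasts.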