Hello everyone!
I would like to only allow SMTP authentication for specific IP addresses and block/ignore all others. I use fail2ban to fight off brute force attacks, which works well for this purpose. However, over the last few days I have been getting hit by thousands of unique IP's attempting to brute force the SMTP authentication (password guessing bots), and it's generating a ton of fail2ban alert emails as well as building an enormous list of blocked IP's. I hate to waste server resources on this, so I'd rather simply lock down the SMTP authentication service to only allow specific IP's and IP ranges, so fail2ban wouldn't need to process all of these.
Is there a simple way to do this without impacting incoming email? Perhaps using hosts.deny and hosts.allow maybe? I use them to lockdown ssh access to specific IP ranges, so I'm hoping I can do the same for SMTP authentication.
Thanks for any advice!
I would like to only allow SMTP authentication for specific IP addresses and block/ignore all others. I use fail2ban to fight off brute force attacks, which works well for this purpose. However, over the last few days I have been getting hit by thousands of unique IP's attempting to brute force the SMTP authentication (password guessing bots), and it's generating a ton of fail2ban alert emails as well as building an enormous list of blocked IP's. I hate to waste server resources on this, so I'd rather simply lock down the SMTP authentication service to only allow specific IP's and IP ranges, so fail2ban wouldn't need to process all of these.
Is there a simple way to do this without impacting incoming email? Perhaps using hosts.deny and hosts.allow maybe? I use them to lockdown ssh access to specific IP ranges, so I'm hoping I can do the same for SMTP authentication.
Thanks for any advice!
