Add Postfix spam messages #830
Detect and block persistent spammers
@kravietz can you please provide some tests / sample logs? See https://doc.crowdsec.net/docs/next/scenarios/create#create-our-test
@buixor Sure, here are just a few recent log entries matched by this rule:
Another question, any reason you didn't incorporate it within the current postfix-logs parser under
@LaurenceJJones No, I did it in a separate file exclusively to avoid messing up the existing parser, but once you're happy with it, it would absolutely make sense to keep them in one file.
Capture attempts to brute force Postfix SASL authentication bruteforcing
```
Feb 28 13:41:10 mail postfix/smtpd[98013]: warning: unknown[114.243.105.223]: SASL PLAIN authentication failed: (reason unavailable), [email protected]
```
It has been now merged into the main
Sample log for the third (SASL bruteforcing) rule:
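As an added illustration (not the PR's parser and not CrowdSec's scenario code), the sketch below parses Postfix SASL failure lines of the shape quoted in the commit message and flags source IPs that fail repeatedly. It uses a simple sliding window instead of CrowdSec's leaky bucket; the function names, threshold, window, assumed year and sample lines are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Shape follows the smtpd warning quoted in the commit message. The optional
# "submission/" style segment covers services logging under a custom syslog_name.
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/(?:\w+/)?smtpd\[\d+\]: "
    r"warning: (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:"
)

def parse_sasl_failure(line, year=2024):
    """Return timestamp, source IP and SASL mechanism, or None if not a failure line."""
    m = SASL_FAIL.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so one has to be assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ip": m["ip"], "mech": m["mech"]}

def find_bruteforcers(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Map each IP to the time it reached `threshold` failures inside `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        ev = parse_sasl_failure(line, year)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged[ev["ip"]] = ev["ts"]
    return flagged

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    f"Feb 28 13:41:{10 + 5 * i:02d} mail postfix/smtpd[98013]: warning: "
    "unknown[192.0.2.10]: SASL PLAIN authentication failed: (reason unavailable)"
    for i in range(5)
] + [
    "Feb 28 13:41:12 mail postfix/submission/smtpd[98020]: warning: "
    "unknown[198.51.100.7]: SASL LOGIN authentication failed: (reason unavailable)",
    "Feb 28 13:50:00 mail postfix/submission/smtpd[98020]: warning: "
    "unknown[198.51.100.7]: SASL LOGIN authentication failed: (reason unavailable)",
    "Feb 28 13:41:13 mail postfix/smtpd[98013]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for ip, when in find_bruteforcers(SAMPLE).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The regular expression stops at `authentication failed:` so it does not depend on the reason text or any trailing fields, which vary between Postfix versions and SASL backends.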