I get a 4~5 MB log report like this every day! Someone likes to hack my smtp:
....
--------------------- sasl auth daemon Begin ------------------------
SASL Authentications failed 3965 Time(s)
Service smtp (pam) - 3965 Time(s):
Realm - 3959 Time(s):
User: account - PAM auth error - 346 Time(s):
User: admin - PAM auth error - 346 Time(s):
User: admin1 - PAM auth error - 147 Time(s):
User: chris - PAM auth error - 346 Time(s):
User: contact - PAM auth error - 6 Time(s):
User: fax - PAM auth error - 346 Time(s):
User: info1 - PAM auth error - 346 Time(s):
User: master - PAM auth error - 346 Time(s):
User: noname - PAM auth error - 346 Time(s):
User: pamela - PAM auth error - 346 Time(s):
User: scanner - PAM auth error - 346 Time(s):
User: test1 - PAM auth error - 346 Time(s):
User: user1 - PAM auth error - 346 Time(s):
Realm xxxxx.com - 6 Time(s):
User: contact@xxxxxxx.com - PAM auth error - 6 Time(s):
**Unmatched Entries**
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
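.....
Which parameters should I change to prevent this kind of brute force on smtp? I think I should change some number, but I don't know which one.
Posted on 2013-02-02 17:33:32
The typical answer to a "how do I deal with brute-force attacks" question like this is to use fail2ban. If you are using some kind of web hosting control panel, you may find that fail2ban-related options already exist.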
https://serverfault.com/questions/474772
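As an added illustration (not part of the original thread and not fail2ban's own code), the sketch below reproduces the counting fail2ban does: a source address is banned once it produces `maxretry` matching failures within `findtime`. The `pam_unix` lines in the question carry an empty `rhost=`, so the address has to come from the mail server's own log. The example assumes Postfix-style `smtpd` lines; the sample log, the function name and the addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Postfix smtpd style (assumed MTA, not from the thread).
SAMPLE_LOG = """\
Feb  2 17:00:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Feb  2 17:00:02 mail postfix/smtpd[2102]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Feb  2 17:00:05 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Feb  2 17:00:06 mail postfix/smtpd[2103]: connect from unknown[203.0.113.7]
Feb  2 17:00:09 mail postfix/smtpd[2103]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Feb  2 17:30:00 mail postfix/smtpd[2110]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Feb  2 17:31:00 mail postfix/smtpd[2111]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
"""

# Matches only failed SASL logins and captures the syslog timestamp and client IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed"
)


def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2013):
    """Return {ip: time the threshold was reached} for sources that produced
    max_retry failures inside a sliding window of length find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than find_time
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

With the defaults only 203.0.113.7 crosses the threshold; the failures from 198.51.100.20 are spread too far apart to share one window.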