rush23@gmx.net wrote:
is there any way to stop or if not reduce the spam, brute force attacks that are leaving my exit? Well port blocking or destination IP blocking is one way but without any relevant information except this hard, right? => https://cleantalk.org/blacklists/51.15.80.14
Stopped my exit for about 2-3 weeks awaiting lower number of complaints but nothing changed.
In the end I have to migrate from exit to relay unfortunately.
I don't think that there is any reason to try to limit that. All those brute forces are inoffensive. There's only lot of them because there is enough idiots that setup their access with ridiculous passwords. If there wouldn't be that many idiots, the brute force attacks would just disappear as they wouldn't be profitable to the script-kiddie anymore.
I have learned by experience that noobs learn best when they get to taste their inexperience. So in a sense, the brute force attacks are beneficial.
Unfortunately, a lot of noobs that foolishly rely on centralized blacklists. There's not much that can be done but teaching them how to do without them.
We have never delegated our filtering to third parties and never felt that we should do so. We get thousands of brute force attacks a day, SSH, SMTP AUTH, whatever. And so what? It does absolutely nothing.