For the paranoid (like myself), there's always fail2ban ( http://www.fail2ban.org/ ). It worked perfectly for me in stopping bruteforce attacks on my ssh port.
Basically it monitors a log and bans (with iptables, for example) IPs for a period of time after a certain number of authentication failures. Cheers, João Vale On Fri, 2007-09-28 at 07:06 -0400, Sam Varshavchik wrote: > Michelle Konzack writes: > > > Since arround one week I have very heavy Dictionary attacs (over 300000 > > per day from more then 7000 different IP's) on my courier-mta which > > servs for 17.000 users in the french gov. > > > > On the <exim-user> list they used the following to stop it. > > > > But how can I do this with <courier-mta>? > > > > I like to reduce the faild connection per IP to 10 per hour and I think, > > this is enough to will heavy slow down the hack attempts... > > There is no rate metering of this kind possible, but what exactly is the > negative impact from this? This is an average of three and a half probes per > second, which, if you weren't looking at the logs, you would've never > noticed. > > The reason it's only three and a half probes per second is, of course, > Courier's automatic tarpit. Without it you'll probably have thirty million > probes per day. So you have a lot of crap in your mail logs. So what. It's > not the end of the world. > > You should consider using the CBL blacklist, which probably has most of > these compromised hosts listed, already. This won't have much impact on the > probes, but should cut down on the spam. > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ courier-users mailing list > courier-users@lists.sourceforge.net Unsubscribe: > https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
