On Fri, 9 Jan 2026, John Fawcett wrote:
I find it useful (both on Postfix and Dovecot) to apply XBL to block
connection to authenticated services.
I grep'd through last week's logs for probable brute forcers, and check the
IPs against 3 RBLs. (Many IPs tried only once.)
Aggregate statistics:
87 - - - (No hits)
46 + - -
32 + + -
9 + - +
6 + + +
5 - + -
4 - - +
102/189 (54%) were listed by at least one of the RBLs, with the following stats
RBL hits rate rate (>0 hits)
(col#1) bl.blocklist.de 93 49% 91%
(col#2) auth.spamrats.com 52 28% 51%
(col#3) xbl.spamhaus.org 19 10% 19%
You should try one of the other 2 RBLs: they specificaly list brute
forcers. I use them as pre-emptive block-on-sight for SMTP auth, and
I don't recall ever getting a false positive.
Joseph Tam <[email protected]>
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
