My suggestion is instead to extend the logic to prevent brute force.

For example:
If you run a webhosting company, use geoIP to disable logins to accounts that do not originate from the same country as their payment method. Since this rule is set up account-wise, you can still easily target the whole world, since a USA customer will only be able to log in from the USA and a Sweden customer will only be able to log in from Sweden.

Another way is, for example, to restrict logins to only the very same range that they first used to log in. This allows dynamic users to use your mail service, while HEAVILY cutting down on brute force. For example, if I log in today to your mail service with IP 94.185.86.58, the login will be restricted to 94.185.80.0 - 94.185.87.255 (even if the above IP is in fact a static IP; I just gave an example of how you could make sure dynamic users are not constantly locked out when their IP changes). This can be easily checked in the whois, and the whois lookup only needs to be done when a login to the control panel or webmail is done from a new IP location.
This will cut down on brute force extremely much.

To allow a customer to bypass this restriction, you could have some control panel, of course protected with Captcha and relevant web anti-brute-force techniques, where they can access a control panel and add/remove ranges and/or countries as they wish, if they, for example, are going to travel or need to log in from a new location. To make it easier for the customer, you could easily have it so that when they log in to webmail or the control panel with a valid Captcha and username/password, the IP range or country of the remote host is automatically added as authorized.

-----Original Message-----
From: Ram
Sent: Saturday, September 12, 2015 8:55 PM
To: Postfix users
Subject: keeping off brute force password attempts

I am seeing a surge in the number of password attempts both at my
postfix smtp servers as well as imap servers.
These attacks seem to be targeted since the attempts are made at
correct userids.

At one instance I have seen mails being sent impersonating a valid
sender asking for money to be transferred for some service. This makes
it very risky.

I tried implementing banip and blocked a few ips but that did not work
for long. Many customers are behind a single gateway and when someone
has an old account configured on some device the number of failed
attempts cross the threshold easily. So I end up blocking a good ip address.

I guess this must be a common problem. Is there a standard "good practices"
list to keep these scammers/spammers off?
