I am curious -- has anyone looked into a fail2ban implementation for QMT?
One of my larger mail servers is being attacked (from China, currently, but when it started in Malaysia and I blocked all Malaysian IPs, they just moved to another IP) with essentially a brute-force password guessing attack on users in one of the domains.
They are using the SUBMISSION port to attempt logins, but I'd like to be able to ban SUBMISSION as well as IMAP/POP access (independently, or together) based on failed login attempts. (Ideally, same IP fails to log in on any of those ports more than 5 times in a 5 minute period, and I'd like to simply tar-pit the entire IP address for 24 hours or so!)
I'm (as amazing as it sounds) not all that familiar with fail2ban, but I've considered it several times and just never had the time to investigate.
Assistance and experiences equally desired! :)

Dan McAllister
QMT DNS/Mirror Admin
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE: 877-IT4SOHO
877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax
We have support plans for QMail!
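
The policy requested above (more than 5 failed logins from one IP within 5 minutes, counted together across SUBMISSION, IMAP and POP, then a 24-hour block), sketched as an added example that is not part of the original message and is not fail2ban or QMT code. The log line format, the sample lines and the names `parse` and `find_bans` are assumptions made for illustration; real QMT logs look different and would need their own parser.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # ban on the 6th failure ("more than 5 times")
WINDOW = timedelta(minutes=5)
BAN_TIME = timedelta(hours=24)
SERVICES = {"submission", "imap", "pop3"}   # counted together, per source IP

# Constructed sample in an assumed format: "<ISO time> <service> LOGIN_FAIL <ip>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 submission LOGIN_FAIL 203.0.113.7
2024-01-01T10:00:00 imap LOGIN_FAIL 198.51.100.9
2024-01-01T10:00:40 submission LOGIN_FAIL 203.0.113.7
2024-01-01T10:01:10 imap LOGIN_FAIL 203.0.113.7
2024-01-01T10:02:00 pop3 LOGIN_FAIL 203.0.113.7
2024-01-01T10:03:00 submission LOGIN_FAIL 203.0.113.7
2024-01-01T10:04:00 imap LOGIN_FAIL 198.51.100.9
2024-01-01T10:04:30 imap LOGIN_FAIL 203.0.113.7
2024-01-01T10:05:00 submission LOGIN_FAIL 203.0.113.7
2024-01-01T10:08:00 pop3 LOGIN_FAIL 198.51.100.9
not a log line
""".splitlines()

def parse(line):
    """Return (timestamp, ip) for a failed login on a watched service, else None."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in SERVICES or parts[2] != "LOGIN_FAIL":
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[3]
    except ValueError:
        return None

def find_bans(lines):
    """Scan chronologically ordered lines; return [(ip, banned_at, banned_until)]."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for ts, ip in filter(None, map(parse, lines)):
        if ts < banned_until.get(ip, datetime.min):
            continue                      # IP is already blocked; nothing to count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW:    # drop failures older than 5 minutes
            window.popleft()
        if len(window) > MAX_FAILURES:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, at, until in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {at} until {until}")
```

In fail2ban terms the three constants correspond to a jail's `maxretry`, `findtime` and `bantime` settings.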