On 08/06/2014 03:09 PM, Dan McAllister wrote:
I am curious -- has anyone looked into a fail2ban implementation for QMT
One of my larger mail servers is being attacked (from China, currently,
but when it started in Malaysia and I blocked all malaysian IPs, they
just moved to another IP) with essentially a brute-force password
guessing attack on users in one of the domains.
They are using the SUBMISSION port to attempt logins, but I'd like to be
able to ban SUBMISSION as well as IMAP/POP access (independently, or
together) based on failed login attempts. (Ideally, same IP fail to
login on any of those ports more than 5 times in a 5 minute period, and
I'd like to simply tar-pit the entire IP address for 24 hours or so!)
I'm (as amazing as it sounds) not all that familiar with fail2ban, but
I've considered it several times and just never had the time to
investigate.
Assistance and experiences equally desired! :)
Dan McAllister
QMT DNS/Mirror Admin
In addition to the good stuff here, I just happened across this:
http://notes.sagredo.eu/node/170
Would someone care to critique it?
--
-Eric 'shubes'
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
