Chris Adams wrote: > Once upon a time, Nick Jennings <[EMAIL PROTECTED]> said: > >> Thanks for your response. I should have mentioned that this server is >> meant to be a hosting server for both web and mail, and there is no way >> to effectively restrict based on trusted clients. >> >> Is there anything else perhaps more general for if not preventing, then >> deterring and slowing down this kind of attack? >> > > Basically, if you plug a server into the Internet, it _will_ be > attacked. POP, IMAP, SMTP, SSH, FTP, and more will be probed, looking > for valid usernames/passwords (so always enforce password security on > your users). > > I know denyhosts (in EPEL) can watch the SSH log and add bad IPs to > /etc/hosts.deny, but I don't know if it can parse dovecot log entries as > well. > > You could try something like http://www.fail2ban.org/wiki/index.php/Main_Page
It blocks on so many bad attempts I also know that xinetd has some type of throttling support. you could try throttling or traffic shaping. I think iptables or something can do that. Jason _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
