On Wed, 10 Feb 2010, David Lord wrote: > > I've not seen this before today but XMail fell > over during a pop3 password attack. > > pop3 connections at firewall > Feb 10 05:00-06:00 0 > Feb 10 06:00-07:00 1161 > Feb 10 07:00-08:00 9851 > Feb 10 08:00-09:00 248 > Feb 10 09:00-10:00 0 > > Pop3 log on one server has 4987 entries all > "ELOGIN" but nothing else. Second server on > network has 3 similar entries from Feb 6. > > Can I just add offending source ip range to spammers.tab > or is it best to block at firewall? > > I believe firewall can block on connection rate so > might investigate that.
Firewall is better suited for things like that. That $hit does not even bother your server, in that way. - Davide _______________________________________________ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail