On Wed, 10 Feb 2010, David Lord wrote:

> On 10 Feb 2010 at 8:17, Davide Libenzi wrote:
> 
> > On Wed, 10 Feb 2010, David Lord wrote:
> > 
> > > 
> > > I've not seen this before today but XMail fell
> > > over during a pop3 password attack.
> > > 
> > >      pop3 connections at firewall                
> > > Feb 10 05:00-06:00     0
> > > Feb 10 06:00-07:00  1161 
> > > Feb 10 07:00-08:00  9851
> > > Feb 10 08:00-09:00   248 
> > > Feb 10 09:00-10:00     0
> > > 
> > > Pop3 log on one server has 4987 entries all 
> > > "ELOGIN" but nothing else.  Second server on
> > > network has 3 similar entries from Feb 6.
> > > 
> > > Can I just add offending source ip range to spammers.tab
> > > or is it best to block at firewall?
> > > 
> > > I believe firewall can block on connection rate so
> > > might investigate that.
> > 
> > Firewall is better suited for things like that. That $hit does not even 
> > bother your server, in that way.
> > 
> 
> A couple of /8 blocks added as I was setting off out
> for afternoon when I spotted the problem.
> 
> Are attacks on pop3 something recent, or have I just
> been lucky?

No, I saw them too recently. I've set up connection throttling with 
iptables.


- Davide


_______________________________________________
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
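
Per-source connection throttling of the kind mentioned in the reply above can be built with the iptables "recent" match. This is an added example, not Davide's rules and not part of the original thread; the chain name, list name, window and hit count are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: throttle new POP3 connections per source address.
# All values are assumptions chosen for illustration, not from the thread.
POP3_PORT=110          # standard POP3 port
WINDOW=60              # seconds to look back
HITCOUNT=6             # this many new connections in WINDOW triggers the drop
                       # (must not exceed xt_recent's ip_pkt_list_tot, default 20)
CHAIN=POP3_THROTTLE    # hypothetical chain name
LIST=pop3              # hypothetical "recent" list name

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

pop3_throttle() {
    run iptables -N "$CHAIN"
    # Only new connections to the POP3 port enter the throttle chain.
    run iptables -A INPUT -p tcp --dport "$POP3_PORT" \
        -m conntrack --ctstate NEW -j "$CHAIN"
    # Record this connection attempt against its source address.
    run iptables -A "$CHAIN" -m recent --name "$LIST" --set
    # Log offenders, rate limited so the log itself is not flooded.
    # --rcheck tests the counter without adding another timestamp.
    run iptables -A "$CHAIN" -m recent --name "$LIST" --rcheck \
        --seconds "$WINDOW" --hitcount "$HITCOUNT" \
        -m limit --limit 6/min -j LOG --log-prefix "pop3-throttle:"
    # Drop sources at or over the limit. --update adds a timestamp on each
    # dropped attempt, so continued attempts keep the source blocked.
    run iptables -A "$CHAIN" -m recent --name "$LIST" --update \
        --seconds "$WINDOW" --hitcount "$HITCOUNT" -j DROP
    # Anything not dropped returns to INPUT and meets the normal rules there.
}

pop3_throttle
```

Run as-is to review the generated rules; legitimate clients that poll several mailboxes from one address may need a higher hit count.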
