michal krajcirovic wrote: > Hello, > addresses the delicate problem :-) The customer has on our mailserver > your domain, there about 10 mailboxes. The problem is that the > connections are constantly on the pop3/imap/smtp > [email protected]. That sometimes appears the attack is normal, > but this problem more than a month, for example, now over 12 hours we > have more than 340 000 invalid login (or attempting to them) to an > invalid address. > > I installed fail2ban, but the problem persists, the majority of the IP > request comes just a few. > > Can someone have a solution? > > m. > >
Somes solutions exist. That depends on one thing, this is always the same IP or a new at each attack ? You can use iptables to drop packets from attacks' IP(s) or you can put IP(s) into /etc/hosts.deny. You can also try to submit an abus to IP's ISP (just do a "whois" on the IP). -- http://snurf.info - http://about-gnulinux.info Hebergez vos projets libres : http://freehosting.snurf.info « Honesty is the best policy » -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
