Am 04.02.2014 18:40, schrieb Marc Perkel: > Hope to get some attention about this idea to reduce hacking passwords. > > Here is a list of about 700,000 IP addresses that are hacking passwords > through SMTP AUTH > > http://ipadmin.junkemailfilter.com/auth-hack.txt > > This is a list of IP addresses that attempted to authenticate against my fake > AUTH advertizing on servers with no > authentication. We do front end spam filtering for thousands of domains and I > decided to advertize authentication > where there is none and I accept and blackhole all authenticated email to > those servers. I have harvested the IP > addresses in this list that is available through an RBL. > > It seems to me that a nice dovecot feature would be the ability to do a black > list check against IP addresses > connecting and deny access if listed. > > Thoughts?
a limit of failed auth-tries without a succesful one would be better and strip down logging after it is blocked instead having thousands of lines from fools trying a dictionary * ip <xx.xx.xx.xx> blocked after XX auth tries within XX minutes * blocking of ip <xx.xx.xx.xx> released (XX tries blockd) something like that but with focus in failed logins anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limit = 50 smtpd_client_recipient_rate_limit = 400 smtpd_recipient_limit = 100
signature.asc
Description: OpenPGP digital signature
