>>>>> Edward Betts <[email protected]>: > Jorge Bastos <[email protected]> wrote: >> What do you see in the logs? >> My guess is that someone is trying a brute force auth against you,
> Thanks Jorge, I think this is the answer. I'm using dovecot for exim4 SMTP > authentication. The exim4 logs show brute force attacks. A little late response, but since you're using debian you could try pulling in fail2ban: apt-get install fail2ban fail2ban scans the logs of various services for attacks and firewalls out the attacking IP addresses. There are no built-in rules for exim or dovecot in the debian fail2ban package, but there is something here that could possibly be adapted...? http://wiki2.dovecot.org/HowTo/Fail2Ban Here's a filter for exim: https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/exim.conf
