Jayesh Shinde:
> Hello all,
>
> I am having mailserver with CentOS 6.3 + cyrus-imapd + postfix + ldap
>
> Many spammers are trying to hack passwords by doing many authentications
> with pop3 + imap + smtp services.
> On the server Fail2ban has been added, but it's blocking hacker IPs after
> a certain interval and not in real time, which is the actual issue.

Fail2ban has about 1-second time resolution, what do you mean by
real time?

> I am looking for some real-time blocking where that particular spammer
> IP + email id must get blocked.
>
> I believe this issue is very common with others too, is there any
> option in 'saslauthd' / postfix / cyrus-imapd for the below requirement?
>
> 1) If the server receives the wrong password, then is it possible to
> introduce a delay of say 5-10 seconds to the sender client? So that
> the spammer will make fewer attempts?

Postfix has a mechanism to deal with clients that make errors, but
this does not distinguish between AUTH errors or other errors.

Note: these settings should not be used on a mail server that handles
a high volume of traffic. Delay-after-error may result in an "all
server ports busy" condition, causing delays for legitimate email.

/etc/postfix/main.cf:
    # Pause after 1 error, disconnect after 2 errors.
    smtpd_soft_error_limit = 1
    smtpd_hard_error_limit = 2
    smtpd_error_sleep_time = 2s

That should be enough for fail2ban to do its work.

There is no smtpd_client_auth_rate_limit feature, but adding one
would be a simple matter of duplicating some code that already
implements the smtpd_client_new_tls_session_rate_limit feature.

> 2) After giving wrong password attempts more than 3 times, the particular
> "IP + email id" must get blocked for the next 5-10 min.

Use fail2ban for that. Postfix will not do things like disabling
accounts or changing configuration settings.

	Wietse
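
The "more than 3 wrong passwords, then block for 5-10 minutes" rule discussed in this thread, written out as sliding-window counting over Postfix SASL failure lines. This is an added example, not code from the thread, from Postfix or from fail2ban; the log lines are constructed, the names `find_bans`, `max_retry`, `find_time` and `ban_time` are hypothetical, and it keys on the client IP only because that is all the sample lines carry.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual Postfix smtpd syslog layout (not from the thread).
SAMPLE_LOG = """\
Jan 12 10:15:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:15:03 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:15:04 mail postfix/smtpd[2107]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed: authentication failure
Jan 12 10:15:06 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:15:09 mail postfix/smtpd[2113]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:21:30 mail postfix/smtpd[2140]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed: authentication failure
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

def find_bans(log_text, max_retry=3, find_time=600, ban_time=600, year=2013):
    """Return [(ip, ban_start, ban_end)] for IPs with more than max_retry
    failures inside find_time seconds; failures during a ban are ignored."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> datetime at which the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed here.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already blocked, nothing new to count
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the counting window.
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) > max_retry:
            banned_until[ip] = ts + timedelta(seconds=ban_time)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans
```

The function only decides who would be blocked and for how long; applying the block (for example a firewall rule) is left to the tool that consumes its result.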