On 17.10.2015 at 09:45, Jayesh Shinde wrote:
> Hello all,
>
> I have a mailserver with centos 6.3 + cyrus-imapd + postfix + ldap.
>
> Many spammers are trying to hack passwords by doing many authentications
> with pop3 + imap + smtp services.
> On the server Fail2ban has been added, but it's blocking hacker IPs after
> a certain interval and not in real time, which is the actual issue.
>
> I am looking for some real-time blocking where that particular spammer
> IP + email id must get blocked.
>
> I believe this issue is very common with others too. Is there any
> option in 'saslauthd' / postfix / cyrus-imapd for the requirements below?
>
> 1) If the server receives the wrong password, is it possible to
> introduce a delay of say 5-10 seconds to the sender client, so that
> the spammer will do fewer attempts?
> 2) After wrong password attempts more than 3 times, the particular
> "IP + email id" must get blocked for the next 5-10 min,
> and then needs to be unblocked after that.
> 3) I checked PAM-ABL, but it's not working for 'saslauthd' with pop /
> imap / smtp, because I came to know that 'saslauthd' is not getting the IP
> of the source.
> How to pass the source IP to 'saslauthd' along with email id, password
> and realm? Is there any patch available for this?
>
>
> Please suggest
>
> Regards
> Jayesh Shinde

Perhaps you wanna poke with this

https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
http://blog.schaal-24.de/firewall/postfix-postscreen-ip-in-die-firewall-eintragen/

Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
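
The policy asked for in point 2 of the question (block an "IP + email id" pair after more than 3 wrong passwords, release it 10 minutes later), as an added example that is not part of either message and not taken from the linked articles. It assumes a hypothetical hook that is handed the client IP, login and result of every authentication attempt, which per point 3 saslauthd alone does not provide; `AuthLockout`, `replay` and the sample events are constructed for illustration.

```python
import time
from collections import defaultdict, deque

class AuthLockout:
    """Block an (ip, login) pair after too many wrong passwords, then release it."""

    def __init__(self, max_failures=3, window=600, block_for=600):
        self.max_failures = max_failures    # wrong passwords tolerated per pair
        self.window = window                # seconds over which failures are counted
        self.block_for = block_for          # seconds a pair stays blocked (10 min)
        self.failures = defaultdict(deque)  # (ip, login) -> failure timestamps
        self.blocked_until = {}             # (ip, login) -> time the block ends

    def is_blocked(self, ip, login, now=None):
        now = time.monotonic() if now is None else now
        key = (ip, login.lower())
        if key not in self.blocked_until:
            return False
        if now < self.blocked_until[key]:
            return True
        del self.blocked_until[key]         # block expired: release the pair
        self.failures.pop(key, None)
        return False

    def record(self, ip, login, success, now=None):
        """Feed one login result; return True if the pair is (now) blocked."""
        now = time.monotonic() if now is None else now
        if self.is_blocked(ip, login, now):
            return True                     # refuse even a correct password
        key = (ip, login.lower())
        if success:
            self.failures.pop(key, None)
            return False
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window:    # forget failures outside the window
            recent.popleft()
        if len(recent) > self.max_failures:     # "more than 3 times"
            self.blocked_until[key] = now + self.block_for
        return key in self.blocked_until

A, U = "203.0.113.7", "alice@example.org"   # constructed client IP and login
SAMPLE = [(0, A, U, False), (5, A, U, False), (10, A, U, False), (15, A, U, False),
          (20, A, U, True), (25, "198.51.100.9", U, True), (700, A, U, True)]

def replay(events, **settings):
    """Run (seconds, ip, login, accepted) events through a fresh AuthLockout."""
    guard = AuthLockout(**settings)
    return [guard.record(ip, login, ok, now=t) for t, ip, login, ok in events]
```

Because the key is the pair rather than the address alone, the same mailbox stays reachable from other addresses while one source is locked out.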
