> Essence of my question was not "how to block manually an already > known malicious client?" but "how to apply some restrictions > automatically on any suspicious clients?”
Take a look at Fail2Ban or SSHGuard. They keep an eye on your logs and add firewall rules dynamically. They also expire the rules eventually. There is one more thing to consider: If your users mistype their username or password when setting up their mail application, they’ll end up on the blacklist, because mail clients usually try multiple times. When they can’t make the connection, they’ll check their config, notice the error and correct it. When they still can’t connect - because they are now blacklisted, they’ll want support. (Executive summary: Expect more support calls if you set this up.) -- Cheers Petri GSM +358 400 505 939
