No, fail2ban would also block legitimate users where the user may have flaky 
connection and doing one or more connections and not authenticating.

The SSL attempts for http could be blocked with fail2ban.

The other SSL attempts attempting to negotiate a old version, may block 
legitimate users trying to auth with an old client.

I would say, the best way to block these types of attacks is to terminate your 
SSL in your firewall, and just block anything not up to standards. Not ban, but 
just block the single transactuion by disconnecting the user. And anything OK 
you just fwd to your mail server unencrypted. Then the firewall takes the bang 
and your mail server receives only clean traffic.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to