You should try this:

https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/qmail.conf

Ed


On 08/06/2014 06:09 PM, Dan McAllister wrote:
I am curious -- has anyone looked into a fail2ban implementation for QMT?

One of my larger mail servers is being attacked (from China, currently,
but when it started in Malaysia and I blocked all Malaysian IPs, they
just moved to another IP) with essentially a brute-force password
guessing attack on users in one of the domains.

They are using the SUBMISSION port to attempt logins, but I'd like to be
able to ban SUBMISSION as well as IMAP/POP access (independently, or
together) based on failed login attempts. (Ideally, same IP fails to
log in on any of those ports more than 5 times in a 5 minute period, and
I'd like to simply tar-pit the entire IP address for 24 hours or so!)

I'm (as amazing as it sounds) not all that familiar with fail2ban, but
I've considered it several times and just never had the time to
investigate.

Assistance and experiences equally desired! :)

Dan McAllister
QMT DNS/Mirror Admin
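
The policy asked for in the question above (one IP, more than 5 failed logins across SUBMISSION/IMAP/POP combined within 5 minutes, blocked for 24 hours), sketched as an added example; it is not part of the original thread and not fail2ban's own code. The event tuples, IP addresses (documentation ranges) and the `find_bans` name are constructed for illustration, and the events are assumed to be already parsed out of the mail logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)    # look-back period for counting failures
MAX_FAILURES = 5                 # ban once an IP has MORE than this many
BAN_TIME = timedelta(hours=24)   # how long a banned IP stays blocked

T0 = datetime(2014, 8, 6, 18, 0, 0)
# Constructed sample events: (timestamp, service, source IP).
SAMPLE_EVENTS = (
    # six failures in 2.5 minutes spread over three services -> ban
    [(T0 + timedelta(seconds=30 * i), svc, "203.0.113.7")
     for i, svc in enumerate(["submission", "submission", "imap",
                              "pop3", "submission", "imap"])]
    # six failures, one every six minutes -> never two in the same window
    + [(T0 + timedelta(minutes=6 * i), "submission", "198.51.100.20")
       for i in range(6)]
    # exactly five failures in one minute -> at the limit, not over it
    + [(T0 + timedelta(seconds=12 * i), "imap", "192.0.2.9")
       for i in range(5)]
)

def find_bans(events):
    """Return {ip: ban_expiry} for every IP that exceeds MAX_FAILURES failed
    logins, counted over all services together, inside a sliding WINDOW."""
    recent = defaultdict(deque)   # ip -> failure timestamps still in window
    bans = {}
    for ts, _service, ip in sorted(events):
        if ip in bans and ts < bans[ip]:
            continue              # still banned: nothing more to count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()           # drop failures older than the window
        if len(q) > MAX_FAILURES:
            bans[ip] = ts + BAN_TIME
            q.clear()             # start counting afresh after the ban
    return bans

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_EVENTS).items():
        print(f"ban {ip} until {until.isoformat()}")
```

The three constants correspond to what fail2ban exposes as the `maxretry`, `findtime` and `bantime` jail options.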

