Hello David, thanks for your information. Maybe fail2ban is a solution. I would prefer to solve the problem with board funds from James.
Perhaps the solution would be to extend the handlers to stop after a certain number of failed attempts? Best wishes Günter > David Matthews <m...@dmatthews.org.invalid> hat am 07.06.2023 10:29 CEST > geschrieben: > > > >I run a James mail server (james-server-spring-app-3.8.0). The log file > >shows that the server is constantly being attacked. This is normal, the > >server is on the Internet. > > My experience is that there is a sharp increase on attacks on small mail > servers since maybe April. This is not a James issue - I run exim/dovecot in > production setup. > > I'd strongly suggest looking at fail2ban and this may give a pointer:- > > https://dmatthews.org/webmail.html#fail2ban > > Fortunately for me fail2ban's regex for exim is ok as is; writing regex is > one of my least favourite tasks. Using James, you'll have some work to do > there. > > As an aside, it seems more or less concurrent to this large increase in > attacks, free email providers are all tying to get a phone number from you. > Gmail, not so forcefully, but another foreign provider (I have these legacy > accounts for testing purposes) told me there had been a hacked entry into my > account and to do a password reset I now have to supply a phone number. For > sure they are lying and there is no way they'll get a phone number from me > :-) Online attack on anonymity? > > -- > David Matthews > m...@dmatthews.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org -- Günter Paul Hirschbachstraße 4a 53506 Ahrbrück Tel.: +4926436747 Mobile: +491759140889 --------------------------------------------------------------------- To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org