Lately, my maillog shows large numbers of attempts to relay mail
through my host. The attempts show up in the logfile as failed
password checks, i.e.
vpopmail[19950]: vchkpw-smtp: vpopmail user not
found alex@:114.44.124.32
The attackers are trying a sequence of 93 distinct usernames -
administrator, alice, alex, andy etc. - and a variety of passwords.
The majority of the attacks originate from dynamic IPs on Taiwanese
ISPs hinet.net and tfn.net.tw.
I'm not particularly concerned that they'll break in, but I'd like to
block them anyway, if only to keep my SMTP ports clear for legitimate
traffic.
Is there a vpopmail equivalent of 'denyhosts' - something that allows
a limited number of failed attempts before automatically blocking all
subsequent connections from that IP?
Angus
!DSPAM:49315ff332311731918534!
