Lately, my maillog shows large numbers of attempts to relay mail through my host. The attempts show up in the logfile as failed password checks, i.e.

        vpopmail[19950]: vchkpw-smtp: vpopmail user not
        found alex@:

The attackers are trying a sequence of 93 distinct usernames - administrator, alice, alex, andy etc. - and a variety of passwords.

The majority of the attacks originate from dynamic IPs on Taiwanese ISPs and

I'm not particularly concerned that they'll break in, but I'd like to block them anyway, if only to keep my SMTP ports clear for legitimate traffic.

Is there a vpopmail equivalent of 'denyhosts' - something that allows a limited number of failed attempts before automatically blocking all subsequent connections from that IP?



Reply via email to