I have used fail2ban quite a while and it does work pretty well. Dropping banned IPs has the advantage of reducing your bandwidth some and delaying things for the spammer / attacker.
It can be configured with different time limits and frequency for blocking. For example look 1 week back and if IP had 10 failed login attempts, block it for 2 days... or look at 2 days and block for a week. It is very easy to look for various different types of data in the log files, not only failed logins. ~ A ---- From: Tim Lyth <[email protected]> -- Sent: 17/03/2014 - 08:21 ---- > On 17/03/2014 17:22, Aidas Kasparas wrote: > > Hi, > > > > what do you use to prevent brute force attacks over pop3/imap protocols? > > For ssh denyhosts works well enough, I would like to have something for > > mail services too. > > > Hi Aidas, > > fail2ban is a commonly used solution for this situation. > It automatically adds iptables rules to drop traffic from IP's which > repeatedly hit the various log files. > It has plenty of configuration options. > It either supports courier's log format out-of-the-box or can be easily > configured to do so. > > Regards, > Tim Lyth > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > > http://p.sf.net/sfu/13534_NeoTech_______________________________________________ > courier-users mailing list > [email protected] > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
