>I know what you are asking, but I have never looked into that. With regard >to brute force defense, can the email server be configured to lock the >accounts after x amount of failed attempts?
Locking the account locks it for the legit user, too. the best tactic is reactive blocking for z time of an IP that fails x times in y minutes, which only works if an IP is retrying. If the attack is coming from single/few/infrequent attempts from many IPs, then the reactive blocking won't work. On IMGate, I do reactive blocking of attacks on SSH, FTP, SMTP, but there's only so much you can do. Of course, every account must have a strong password. Len ______________________________________________ IMGate OpenSource Mail Firewall www.IMGate.net To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
