Hello all ,
I am having mailserver with centos 6.3 + cyrus-imad + postfix + ldap
We are using cyrus-sasl-2.1.23-13.el6.x86_64 with 'PAM' Mechanism .
Many spammer are trying to hack password for doing many authentication
with pop3 + imap + smtp services.
on server Fail2ban hass been added , but its blocking hacker IPs after
certain interval and not in real time. Which is the actual issue.
I am looking for some real-time blocking where that particular spammer
IP + email id must get block .
I believe this issue is very common with other too , is there any
option in 'saslauthd' / postfix / cyrus-imapd for below requirement ?
1) If server receive the wrong password , then is it possible to
introduce the delay of say 5-10 seconds to sender client ? So that
spammer will do less attempt ?
2) After given wrong password attempt more than 3 time , the particular
"IP + email id" must get block for next 5-10 min.
And then need to unblock after that.
3) I check PAM-ABL , but its not working for 'saslauthd'' with pop /
imap / smtp . Because I came to know that 'saslauthd'' is not getting IP
of source .
How to pass source IP to "saslauthd'' along with email id , password
and relam . Is there any patch available for this ?
Please suggest
Regards
Jayesh Shinde
