sshblack does this nicely for ssh (port 22) attacks by monitoring the /var/log/secure file. I am considering rewriting this to POP3 port (110), but if it has already been done, I sure don't need the practice.
Thanks!
Has anyone implemented a script to block IPs which are attacking on POP3
ports using dovecot logs to indicate repetitive failed login attempts?
- [Dovecot] IP Tables block for POP3 attacks with Dovecot Pete Dubler
- Re: [Dovecot] IP Tables block for POP3 attacks with Do... Charles Marcus
- Re: [Dovecot] IP Tables block for POP3 attacks with Do... Sean Kamath
- Re: [Dovecot] IP Tables block for POP3 attacks wit... David McBride
