On 06.04.2013 14:24, Benny Pedersen wrote:
> Reindl Harald wrote on 2013-04-06 13:18:
>
>> has someone a script which can filter out dictionary attacks
>> from /var/log/maillog and notify about the source-IPs?
>
> yes i have :)
>
> pflogsumm

has to do what with IMAP/POP3 Logins?

>> i know about fail2ban and so on, but i would like to have
>> a mail with the IP address for two reasons and avoid fail2ban
>> at all because it does not match in the way we maintain firewalls
>
> it's simple to make a filter that checks unknown user in postfix logs, it's
> even more simple if one make syslog to
> sql, then postfix can live block that ip that sends to unknown users

but nobody speaks about postfix

>> * add the IP to a distributed "iptables-block.sh" and distribute
>> it to any server with a comment and timestamp
>> * write an abuse-mail to the ISP
>
> that would be cool, lol :)

what would be cool?
what *lol*?

i speak about a simple way to get a notify of the brute-forcing
IP and the both are MANUAL tasks i do since virtually forever
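The kind of script asked for in this message, as an added example that is not part of the thread and not code from either poster: it flags source IPs whose failed IMAP/POP3 logins span many attempts and many account names, and builds the text of a notification mail. It assumes Dovecot-style `imap-login`/`pop3-login` failure lines with a `rip=` field (the thread does not name the IMAP/POP3 server); the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (Dovecot-style login failures); adjust to your own maillog.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot: (?:imap|pop3)-login: "
    r".*\(auth failed, (?P<n>\d+) attempts[^)]*\): user=<(?P<user>[^>]*)>"
    r".*?\brip=(?P<ip>[0-9a-fA-F.:]+)"
)

def find_dictionary_attacks(lines, min_attempts=10, min_users=3):
    """Return {ip: stats} for sources failing often AND against many account names."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins, postfix lines, anything else
        s = stats[m["ip"]]
        s["attempts"] += int(m["n"])      # each line reports attempts in one connection
        s["users"].add(m["user"])         # many distinct names = dictionary pattern
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
    return {ip: s for ip, s in stats.items()
            if s["attempts"] >= min_attempts and len(s["users"]) >= min_users}

def format_report(offenders):
    """Plain-text mail body: one line per source IP, most active first."""
    rows = sorted(offenders.items(), key=lambda kv: -kv[1]["attempts"])
    return "\n".join(
        f"{ip}  attempts={s['attempts']}  users={len(s['users'])}  first={s['first']}  last={s['last']}"
        for ip, s in rows)

# Constructed sample lines using documentation IP ranges, not taken from a real log.
SAMPLE = [
    "Apr  6 13:02:11 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:02:19 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:02:27 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<test>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:02:35 mail dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<webmaster>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:05:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10",
    "Apr  6 13:05:52 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10",
    "Apr  6 13:06:01 mail postfix/smtpd[2211]: connect from unknown[203.0.113.7]",
]

if __name__ == "__main__":
    print(format_report(find_dictionary_attacks(SAMPLE)))
```

The report text can be piped to the local mailer from cron; requiring several distinct usernames keeps a single user mistyping a password out of the mail.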