Am 18.07.2017 um 22:53 schrieb mj: > Hi Robert, > > On 07/18/2017 10:15 PM, mj wrote: >> Robert, your iptables suggestions are _very_ interesting! However, >> will they also work on imaps/993, because of the ssl? > > I have adjusted and put into place your iptables suggestion like this: >> iptables -I INPUT -p tcp --dport 143 -m string --algo bm --string >> '1q2w3e4r' -j DROP >> iptables -I INPUT -p tcp --dport 993 -m string --algo bm --string >> '1q2w3e4r' -j DROP
dont speculate verify if your bots are using ssl , and what flows over the wire if plain is used, you dont need to use 1q2w3e4r, i think you can use any dovecot answer that "means rejected", sorry no time to test myself > > However, I don't think it's working, as the login attempts just keep > coming. Probably the reason is: smtp is plain text, and imap TLS/SSL is > not, so the rules never get triggered. > > MJ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
