On 07/09/2021 20:05, Mike Hammett via mailop wrote:
> Fail2Ban to the rescue! ;-)

Yes we noticed this too - over the last two months, one new single-mailbox server of ours experienced 38k SMTP connection attempts by attackers, 46k over IMAP. The attacks were clearly coordinated among different attacking IPs (around 150 of them) by multiple (presumably) criminal groups.

Unfortunately fail2ban was not so useful with default settings because it uses predictable, timing-based detection; the top 100 username+password combinations can be cycled through while evading fail2ban in just a few days.

We've added visualisation of such attacks to Lightmeter and are currently implementing crowd-based detection and recommended resolution which should be released in a few weeks 😀

Sam.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
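
An added example, not part of the original message and not Lightmeter's implementation: it contrasts a per-IP, timing-based rule with a per-mailbox view that counts distinct failing sources over a longer window. The thresholds, addresses, mailbox names and log records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAXRETRY, FINDTIME = 5, 600      # assumed per-IP jail thresholds (illustrative)
MIN_IPS, WINDOW = 20, 86400      # assumed cross-IP thresholds (illustrative)

def build_events(n_ips=150, per_ip=8, gap=900):
    """Constructed auth-failure records (ts, ip, user); not real log data."""
    events = [(k * gap + i, f"198.51.100.{i + 1}", "mailbox@example.org")
              for i in range(n_ips) for k in range(per_ip)]
    # Control case: one noisy client that a per-IP rule does catch.
    events += [(100 + 10 * k, "203.0.113.9", "other@example.org") for k in range(6)]
    return sorted(events)

def per_ip_bans(events):
    """IPs with MAXRETRY failures inside FINDTIME seconds (timing-based, per source)."""
    recent, banned = defaultdict(deque), set()
    for ts, ip, _user in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > FINDTIME:
            q.popleft()
        if len(q) >= MAXRETRY:
            banned.add(ip)
    return banned

def distributed_targets(events):
    """Mailboxes failed against by >= MIN_IPS distinct sources inside WINDOW seconds."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, ip, user in events:
        q = recent[user]
        q.append((ts, ip))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()
        # Track the largest number of distinct sources seen in any window.
        peak[user] = max(peak[user], len({src for _, src in q}))
    return {user: n for user, n in peak.items() if n >= MIN_IPS}

if __name__ == "__main__":
    ev = build_events()
    print("per-IP bans:", per_ip_bans(ev))
    print("distributed targets:", distributed_targets(ev))
```

On the constructed data the per-IP rule bans only the noisy control client, while the per-mailbox view reports the mailbox that 150 slow sources are failing against.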