I am seeing a surge in the number of password attempts at both my
Postfix SMTP servers and my IMAP servers.
These attacks seem to be targeted, since the attempts are made at
correct userids.
In one instance I have seen mails being sent impersonating a valid
sender asking for money to be transferred for some service. This makes
it very risky.
I tried implementing banip and blocked a few IPs, but that did not work
for long. Many customers are behind a single gateway, and when someone
has an old account configured on some device the number of failed
attempts crosses the threshold easily. So I end up blocking a good IP address.
I guess this must be a common problem. Is there a standard "good practices"
list to keep these scammers/spammers off?
- keeping off brute force password attempts

Ram
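
The shared-gateway problem described in the post above can be seen by grouping failed logins per source IP and counting distinct accounts instead of raw failures. This is an added example, not part of the original post; it assumes Dovecot-style `imap-login` log lines (the post does not name the IMAP server), and the sample lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

def _line(user, ip):
    # Constructed sample line in the style of Dovecot's imap-login log (assumed format).
    return ("Mar 10 09:00:00 mx1 dovecot: imap-login: Disconnected "
            "(auth failed, 1 attempts in 2 secs): "
            f"user=<{user}>, method=PLAIN, rip={ip}, lip=192.0.2.10, TLS")

SAMPLE_LOG = "\n".join(
    # One old device behind a shared gateway retrying a single account.
    [_line("bob@example.com", "198.51.100.7")] * 6
    # One source trying many different valid accounts.
    + [_line(f"{u}@example.com", "203.0.113.50")
       for u in ("alice", "bob", "carol", "dave", "erin")]
    # A single mistyped password.
    + [_line("carol@example.com", "198.51.100.99")]
)

FAIL_RE = re.compile(
    r"imap-login: .*auth failed.*?user=<([^>]*)>.*?rip=([0-9a-fA-F.:]+)")

def classify_sources(log_text, max_users=3, min_failures=5):
    """Label each source IP by how its failed logins are spread over accounts.

    multi_account: failures hit more than max_users distinct accounts
                   (candidate for an IP-level block)
    few_accounts:  at least min_failures failures confined to a few accounts
                   (handle per account: throttle or contact the user,
                   since the IP may be a gateway shared by many customers)
    noise:         too few failures to act on
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            per_ip[m.group(2)][m.group(1).lower()] += 1
    verdicts = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        if len(users) > max_users:
            label = "multi_account"
        elif total >= min_failures:
            label = "few_accounts"
        else:
            label = "noise"
        verdicts[ip] = (label, total, sorted(users))
    return verdicts
```

A `few_accounts` verdict does not show the traffic is benign; it only indicates that an IP-wide ban would hit more people than the failures justify.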