On Mon, Nov 14, 2016 at 08:21:24PM -0800, vod vos wrote: > so are there any configurations to auto ban this kind of visit, like postfix > postscreen? > > or, I should write firewall rules to do the job?
I don't know if dovecot provides such functionality. I personally don't bother, since it quickly becomes a game of whack-a-mole. Plus, it's not always a malicious event. If the connection gets interrupted before the client sends its auth credentials, it looks the same as this type of scan. Basically, make sure users are using good, secure passwords, and make sure your software is all up to date. --Sean
