Fail2ban might be able to do the whack-a-mole in a sensible manner that
allowed for innocent interruptions but banned the bad guys
Ron
On 14/11/2016 11:39 PM, Sean Greenslade wrote:
On Mon, Nov 14, 2016 at 08:21:24PM -0800, vod vos wrote:
so are there any configurations to auto ban this kind of visit, like postfix
postscreen?
or, I should write firewall rules to do the job?
I don't know if dovecot provides such functionality. I personally don't
bother, since it quickly becomes a game of whack-a-mole. Plus, it's not
always a malicious event. If the connection gets interrupted before the
client sends its auth credentials, it looks the same as this type of
scan.
Basically, make sure users are using good, secure passwords, and make
sure your software is all up to date.
--Sean
--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
