Author: WJCarpenter
Date:
To: Exim Mailing List
Subject: Re: [exim] automatically blacklisting clients that fail SMTP authentication
> . using fail2ban
I second the idea of using fail2ban (or something similar). It's
completely non-invasive.
It can be a slight inconvenience if you have users behind NAT firewalls
coming to your server (which includes most home routers). One clumsy
person mistyping a webmail password a couple of times locks out
everybody using that shared public IP address. OTOH, fail2ban is
tunable and is typically configured to only block the IP address for
10-20 minutes. That's enough to turn back most attacking bots (or at
least give your machine a rest) and tolerable for the false alarm cases.
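
The trade-off described in the message above, as an added example that is not part of the original post and is not fail2ban's own code: a simplified model of a ban driven by failed-authentication log lines. The parameter names mirror fail2ban's `maxretry`, `findtime` and `bantime` options; the values, the log lines and the helper names `simulate` and `is_blocked` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Exim main-log style (documentation-range addresses).
SAMPLE_LOG = """\
2024-01-01 10:00:00 plain authenticator failed for (laptop) [203.0.113.7]: 535 Incorrect authentication data (set_id=alice)
2024-01-01 10:00:20 plain authenticator failed for (laptop) [203.0.113.7]: 535 Incorrect authentication data (set_id=alice)
2024-01-01 10:00:45 plain authenticator failed for (laptop) [203.0.113.7]: 535 Incorrect authentication data (set_id=alice)
2024-01-01 10:20:00 plain authenticator failed for (bot) [198.51.100.9]: 535 Incorrect authentication data (set_id=admin)
"""

FAIL_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for .*\[([0-9a-fA-F.:]+)\]"
)
TS_FMT = "%Y-%m-%d %H:%M:%S"

def simulate(log, maxretry=3, findtime=600, bantime=900):
    """Return [(ip, ban_start, ban_end)] using a sliding failure window per IP."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> end of the current ban
    bans = []
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.strptime(m.group(1), TS_FMT), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already banned; nothing new to count
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

def is_blocked(bans, ip, when):
    """True if `ip` is inside any ban interval at time `when`."""
    t = datetime.strptime(when, TS_FMT)
    return any(b_ip == ip and start <= t < end for b_ip, start, end in bans)
```

With these sample lines, one user's three typos ban the shared address 203.0.113.7 for everyone behind it from 10:00:45 until 10:15:45, after which the ban lapses on its own.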