Re: [exim] Stopping Bruteforceattacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Terry
Date:  
À: exim-users
Sujet: Re: [exim] Stopping Bruteforceattacks
On 25/07/2012 07:33, Lena@??? wrote:
> From: Cyborg <cyborg2@???>
>
> does anyone have a working solution for this :
>
> 2012-07-25 07:09:11 plain authenticator failed for ([192.168.0.232])
> [216.214.153.238]: 535 Incorrect authentication data (set_id=aidan)


I use ConfigServer Security & Firewall (CSF). Very simple to set up and
maintain. Low resource usage. http://configserver.com/cp/csf.html

Handles this type of attack well. I've noticed lately that some of the
same IPs that are trying brute force attacks on exim are also targeting
dovecot. CSF deals with these as well. When an IP is blocked, you can
set the options to receive a notification and the notification contains
IP and set-id.

Caveat: I run a very small mailserver (> 100 accounts> so not sure how
it scales.

--
Terry