On 25/07/2012 07:33, Lena@??? wrote:
> From: Cyborg <cyborg2@???>
>
> does anyone have a working solution for this :
>
> 2012-07-25 07:09:11 plain authenticator failed for ([192.168.0.232])
> [216.214.153.238]: 535 Incorrect authentication data (set_id=aidan)
I use ConfigServer Security & Firewall (CSF). Very simple to set up and
maintain. Low resource usage.
http://configserver.com/cp/csf.html
Handles this type of attack well. I've noticed lately that some of the
same IPs that are trying brute force attacks on exim are also targeting
dovecot. CSF deals with these as well. When an IP is blocked, you can
set the options to receive a notification and the notification contains
IP and set-id.
Caveat: I run a very small mailserver (> 100 accounts> so not sure how
it scales.
--
Terry