[Dovecot] Logging passwords on auth failure/dealing with botnets

Noel noeldude at gmail.com
Sun Sep 1 22:59:35 EEST 2013


On 9/1/2013 10:00 AM, Charles Marcus wrote:
> On 2013-08-30 7:55 PM, Joseph Tam <jtam.home at gmail.com> wrote:
>> Michael Smith writes:
>>
>>> We're already running fail2ban, but it doesn't seem that effective
>>> against botnets, when they only do one attempt per IP.
>>
>> Yeah, distributed BFDs are tough to block unless you can characterize
>> the clients well.
>
> Wonder if there's a way to leverage Stan Hoeppner's most excellent
> botnet killer to reject AUTHs from the same types of clients
> before they even try?
>
> Stan?
>

The objective of Stan's list is to reject dynamic hosts, because the
overwhelming majority of dynamic hosts trying to send via SMTP are
zombies.

For dovecot, the situation is quite different. Blocking all dynamic
IPs would be an obvious mistake.


  -- Noel Jones

