9 Apr
2013
9 Apr
'13
9:39 a.m.
Hi Reindl.
I have a similar script to detect brute force attacs to dovecot sasl auth sistem, it's very simple to adapt to pop/imap failures log:
http://psi.com.br/~julio/postfix/sasl-killer.sh
Regards,
--
_ Julio Cesar Covolato
0v0 <julio@psi.com.br>/(_)\ F: 55-11-3129-3366 ^ ^ PSI INTERNET
Em 06-04-2013 08:18, Reindl Harald escreveu:
Hi
has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs?
i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls
- add the IP to a distributed "iptables-block.sh" and distribute it to any server with a comment and timestamp
- write a abuse-mail to the ISP