26 Jul
2017
26 Jul
'17
9:44 p.m.
On 26/07/2017 10:57, Olaf Hopp wrote:
I'll keep an eye on my logs and maybe some more twaeking is necessary.
Twerking?
So this doesn't look very well coordinated between the bots ;-)
Bots are cheap - free, basically, because they are stolen. Most bruteforce attacks are crap; they try the same username/password pair on the same host over and over again.
I would like to be able to signal to the bot "Dude, I do not accept username/password pairs - you need a keypair, so give it a rest". But the bots are dumb, because the economic advantage of building a smart one is zero.
BTW: I don't think this is on-topic for Dovecot - we seem to be discussing mail-abuse abatement measures, which is a much more general topic.
-- Jack.