All your approaches are not well thought out.
The best solutions are always the simplest ones.
KISS principle dictates so.

On Thu, 11 Apr 2019 at 15:01, Marc Roos <M.Roos@f1-outsourcing.eu> wrote:
 
How long have we been using the current strategy? Do we have less or
more abuse clouds operating?

"Let the others bother with their own problems." is a bit narrow minded
view. If every one on this mailing list would have this attitude, there
would be no single answer to your question.


-----Original Message-----
From: Odhiambo Washington [mailto:odhiambo@gmail.com]
Sent: donderdag 11 april 2019 12:54
To: Marc Roos
Cc: dovecot
Subject: Re: Mail account brute force / harassment

Marc,

There is a strategy loosely referred to as "choose your battles well"
:-)
If you can, hack the server and dump the 500GB - you'll be using
resources transferring the 500GB as the other server receives it. Two
servers wasting resources because you think you are punishing an
offender!


On Thu, 11 Apr 2019 at 13:43,  wrote:


        Please do not assume anything other than what is written, it is a
        hypothetical situation


        A. With the fail2ban solution
           - you 'solve' that the current ip is not able to access you
           - it will continue bothering other servers and admins
           - you get the next abuse host to give a try.

        B. With 500GB dump
         - the owner of the attacking server (probably hacked) will notice
it
        will be forced to take action.


        If abuse clouds are smart (most are) they would notice that
attacking my
        servers, will result in the loss of abuse nodes, hence they will
not
        bother me anymore.

        If every one would apply strategy B, the abuse problem would get
less.
        Don't you agree??






        -----Original Message-----
        From: Odhiambo Washington 
        Sent: donderdag 11 april 2019 12:28
        To: Marc Roos
        Cc: dovecot
        Subject: Re: Mail account brute force / harassment



        On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot
        <dovecot@dovecot.org> wrote:




                Say for instance you have some one trying to constantly
access an
                account


                Has any of you made something creative like this:

                * configure that account to allow to login with any
password
                * link that account to something like /dev/zero that
generates
        infinite
                amount of messages
                  (maybe send an archive of virusses?)
                * transferring TB's of data to this harassing client.

                I think it would be interesting to be able to do such a
thing.




        Instead of being evil, just use fail2ban to address this problem
:-) 

        --

        Best regards,
        Odhiambo WASHINGTON,
        Nairobi,KE
        +254 7 3200 0004/+254 7 2274 3223
        "Oh, the cruft.", grep ^[^#] :-)






--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)




--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)