Re: Mail account brute force / harassment

Am 11.04.2019 um 12:28 schrieb Odhiambo Washington via dovecot dovecot@dovecot.org:

On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot mailto:dovecot@dovecot.org> wrote:

Say for instance you have some one trying to constantly access an account

Has any of you made something creative like this:

• configure that account to allow to login with any password
• link that account to something like /dev/zero that generates infinite amount of messages (maybe send an archive of virusses?)
• transferring TB's of data to this harassing client.

I think it would be interesting to be able to do such a thing.

Instead of being evil, just use fail2ban to address this problem :-)

fail2ban is a good solution. I don't see any benefits in granting access to pop/imap as well. On the other hand if you to this with smtp, your service is probably abused for sending spam which you could use to train your spam filters :-)

Best regards Gerald