Fail2Ban is an excellent tool to deal with this sort of thing.
On Mon, 19 Sep 2011 10:05:47 -0700, Rick Baartman wrote
From my secure log:
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:45 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user abby
etc. Literally, 30,000 user names attempted.
rick baartman
TRIUMF 4004 Wesbrook Mall Vancouver, BC V6T2A3
I've stopped trying to catch up, I'm just trying to limit the rate at which I'm falling behind
John Alexander