On 18.07.2017 at 22:53, mj wrote:
Hi Robert,
On 07/18/2017 10:15 PM, mj wrote:
Robert, your iptables suggestions are _very_ interesting! However, will they also work on imaps/993, because of the ssl?
I have adjusted and put into place your iptables suggestion like this:
iptables -I INPUT -p tcp --dport 143 -m string --algo bm --string '1q2w3e4r' -j DROP
iptables -I INPUT -p tcp --dport 993 -m string --algo bm --string '1q2w3e4r' -j DROP
Don't speculate, verify if your bots are using SSL, and what flows over the wire if plain is used. You don't need to use 1q2w3e4r; I think you can use any Dovecot answer that "means rejected". Sorry, no time to test myself.
However, I don't think it's working, as the login attempts just keep coming. Probably the reason is: smtp is plain text, and imap TLS/SSL is not, so the rules never get triggered.
MJ
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München
Registered office: München, District Court München: HRB 199263 Executive Board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the Supervisory Board: Florian Kirstein
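
Added example (not part of the original thread or of either poster's setup): a Python sketch of the "verify what flows over the wire" check, showing which client payloads a literal -m string match on '1q2w3e4r' can see. The payloads, the user name and all function names are constructed for illustration, and the TLS sample uses stand-in bytes rather than real ciphertext.

```python
import base64

NEEDLE = b"1q2w3e4r"  # the string used in the iptables rules above

def classify(payload: bytes) -> str:
    """Guess what a client->server TCP payload carries, from its first bytes."""
    # A TLS record starts with content type 20-23 followed by version major 0x03.
    if len(payload) >= 3 and payload[0] in (20, 21, 22, 23) and payload[1] == 3:
        return "tls"
    parts = payload.split(None, 2)  # IMAP command line: tag SP command [SP args]
    if len(parts) >= 2:
        cmd = parts[1].upper()
        if cmd == b"LOGIN":
            return "imap-login"
        if cmd == b"AUTHENTICATE":
            return "imap-authenticate"
        if cmd == b"STARTTLS":
            return "imap-starttls"
    return "other"

def sasl_plain_password(payload: bytes):
    """Decode the password from 'tag AUTHENTICATE PLAIN <base64>' (initial response)."""
    parts = payload.split()
    if len(parts) < 4 or parts[2].upper() != b"PLAIN":
        return None
    fields = base64.b64decode(parts[3]).split(b"\0")  # authzid, authcid, passwd
    return fields[2] if len(fields) == 3 else None

def rule_would_match(payload: bytes, needle: bytes = NEEDLE) -> bool:
    """What '-m string --string' tests: the literal bytes inside one packet."""
    return needle in payload

# Constructed sample payloads (not captured traffic); the user name is hypothetical.
SAMPLES = {
    "login": b"a1 LOGIN info@example.org 1q2w3e4r\r\n",
    "auth_plain": b"a1 AUTHENTICATE PLAIN "
                  + base64.b64encode(b"\0info@example.org\0" + NEEDLE) + b"\r\n",
    # TLS application-data record header followed by stand-in ciphertext bytes.
    "tls_993": bytes([23, 3, 3, 0, 16]) + bytes(range(0x80, 0x90)),
}

def report():
    """Map each sample to (payload kind, whether the string rule would fire)."""
    return {name: (classify(p), rule_would_match(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (kind, hit) in report().items():
        print(f"{name:11} {kind:18} rule matches: {hit}")
```

Only the plaintext LOGIN line contains the literal string; the base64 AUTHENTICATE PLAIN form and anything inside a TLS record do not, so a rule that never fires does not by itself mean the password is not being tried.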