On 06.04.2013 14:24, Benny Pedersen wrote:
> Reindl Harald wrote on 2013-04-06 13:18:
>> has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs?
>
> yes i have :)
> pflogsumm

has to do what with IMAP/POP3 Logins?

>> i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls
>
> it's simple to make a filter that checks unknown user in postfix logs, it's even more simple if one makes syslog to sql, then postfix can live block that ip that sends to unknown users

but nobody speaks about postfix

>> - add the IP to a distributed "iptables-block.sh" and distribute it to any server with a comment and timestamp
>> - write an abuse-mail to the ISP
>
> that would be cool, lol :)

what would be cool? what *lol*?
i speak about a simple way to get a notify of the brute-forcing IP and both are MANUAL tasks i do since virtually forever
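
An added example, not code from any poster in this thread: one way to pull the source IPs of IMAP/POP3 dictionary attacks out of a maillog and build the text of a notification mail. It assumes Dovecot-style "auth failed" lines; the function names, the thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: Dovecot-style login failure lines; adjust for another IMAP/POP3 daemon.
FAIL_RE = re.compile(
    r"(?:imap|pop3)-login: .*\(auth failed, (?P<n>\d+) attempts[^)]*\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

def find_bruteforce(lines, min_attempts=10, min_users=3):
    """Return {ip: (attempts, sorted usernames)} for IPs that tried many
    passwords across several accounts (thresholds are assumptions)."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins and non-login lines are ignored
        attempts[m["rip"]] += int(m["n"])
        users[m["rip"]].add(m["user"])
    return {
        ip: (attempts[ip], sorted(users[ip]))
        for ip in attempts
        if attempts[ip] >= min_attempts and len(users[ip]) >= min_users
    }

def format_report(hits):
    """One line per offending IP, worst first, usable as a mail body."""
    rows = sorted(hits.items(), key=lambda kv: -kv[1][0])
    return "\n".join(
        f"{ip}  attempts={n}  users={','.join(u)}" for ip, (n, u) in rows
    )

# Constructed sample lines using documentation address ranges, not real log data.
SAMPLE = [
    "Apr  6 13:01:02 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts in 10 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:01:15 mail dovecot: pop3-login: Aborted login (auth failed, 4 attempts in 9 secs): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:01:30 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 8 secs): user=<test>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr  6 13:02:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10",
    "Apr  6 13:02:05 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.21, lip=192.0.2.10",
    "Apr  6 13:02:09 mail postfix/smtpd[123]: connect from unknown[198.51.100.22]",
]

if __name__ == "__main__":
    print(format_report(find_bruteforce(SAMPLE)))
```

Run from cron against the real log, the report text can be piped to the local mailer; a single mistyped password (the 198.51.100.20 line) stays below both thresholds and is not reported.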