Edward Betts <edward@4angle.com>:
Jorge Bastos <mysql.jorge@decimal.pt> wrote:
What do you see in the logs? My guess is that someone is trying a brute force auth against you,
Thanks Jorge, I think this is the answer. I'm using dovecot for exim4 SMTP authentication. The exim4 logs show brute force attacks.
A little late response, but since you're using Debian you could try pulling in fail2ban: apt-get install fail2ban
fail2ban scans the logs of various services for attacks and firewalls out the attacking IP addresses.
There are no built-in rules for exim or dovecot in the Debian fail2ban package, but there is something here that could possibly be adapted...? http://wiki2.dovecot.org/HowTo/Fail2Ban
Here's a filter for exim: https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/exim.conf
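
Added example, not part of the original thread and not fail2ban's own code: a small Python sketch of the log-scanning logic described above, run over constructed exim4 mainlog lines. The regex is a simplified assumption, not the exim.conf filter linked above; maxretry and findtime mirror the fail2ban jail options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in exim4 mainlog style (documentation IP ranges only).
SAMPLE_LOG = """\
2013-03-02 10:00:00 dovecot_login authenticator failed for (mail) [198.51.100.20]: 535 Incorrect authentication data (set_id=info)
2013-03-02 10:00:01 dovecot_login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=admin)
2013-03-02 10:00:05 dovecot_login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=root)
2013-03-02 10:00:09 dovecot_login authenticator failed for ([192.0.2.1]) [203.0.113.7]: 535 Incorrect authentication data (set_id=test)
2013-03-02 10:01:00 1UBxyz-0001Ab-CD <= user@example.org H=(laptop) [192.0.2.5] P=esmtpa A=dovecot_login:user S=1234
2013-03-02 10:20:00 dovecot_login authenticator failed for (mail) [198.51.100.20]: 535 Incorrect authentication data (set_id=info)
2013-03-02 10:40:00 dovecot_login authenticator failed for (mail) [198.51.100.20]: 535 Incorrect authentication data (set_id=info)
"""

# The HELO name in parentheses is chosen by the client, so the address is taken
# only from the bracket that directly precedes the ": 535" reply code.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for "
    r".*\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)?: 535 "
)

def find_offenders(log_text, maxretry=3, findtime=600):
    """Return {ip: time of the failure that reached maxretry within findtime seconds}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

With the defaults only 203.0.113.7 crosses the threshold; the failures from 198.51.100.20 are 20 minutes apart and never accumulate inside one window.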