[Dovecot] script to detect dictionary attacks
Reindl Harald
h.reindl at thelounge.net
Sat Apr 6 14:18:29 EEST 2013
Hi
has someone a script which can filter out dictionary attacks
from /var/log/maillog and notify about the source-IPs?
i know about fail2ban and so on, but i would like to have
a mail with the IP address for two reasons and avoid fail2ban
at all because it does not match in the way we maintain firewalls
* add the IP to a distributed "iptables-block.sh" and distribute
it to any server with a comment and timestamp
* write a abuse-mail to the ISP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130406/3e504d27/attachment.bin>
More information about the dovecot
mailing list