[Dovecot] script to detect dictionary attacks

Marcin Mirosław marcin at mejor.pl
Sat Apr 6 15:14:34 EEST 2013


On 2013-04-06 13:18, Reindl Harald wrote:
> Hi

Hi!

> Has someone a script which can filter out dictionary attacks
> from /var/log/maillog and notify about the source IPs?
> 
> I know about fail2ban and so on, but I would like to have
> a mail with the IP address for two reasons and avoid fail2ban
> at all because it does not match the way we maintain firewalls
> 
> * add the IP to a distributed "iptables-block.sh" and distribute
>   it to any server with a comment and timestamp
> * write an abuse mail to the ISP
> 

What about... fail2ban? :) You can define any script to run when fail2ban
detects a brute-force attempt. You can pass <ip> as a parameter to the script.
Fail2ban can also send email to the proper abuse address. Maybe I'm wrong, but
reading what you wrote about your needs, it looks like fail2ban can do it.
Marcin
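
Added example (not part of the original message, and not Dovecot or fail2ban code): a minimal log scanner of the kind asked for in the quoted question, which groups Dovecot "auth failed" lines by source IP and reports addresses that fail against several usernames. The log line layout, the thresholds and the names find_attackers and report are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed Dovecot login-failure layout in maillog:
#   dovecot: imap-login: Disconnected (auth failed, 3 attempts in 6 secs): user=<bob>, ..., rip=IP, lip=IP
FAIL_RE = re.compile(
    r"dovecot: (?:imap|pop3)-login: .*\(auth failed, (?P<n>\d+) attempts[^)]*\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Apr  6 13:01:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 6 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1
Apr  6 13:01:09 mail dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 4 secs): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1
Apr  6 13:01:15 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 5 secs): user=<test>, method=LOGIN, rip=203.0.113.7, lip=192.0.2.1
Apr  6 13:02:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.1
Apr  6 13:03:00 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.1, mpid=4242, TLS
"""

def find_attackers(lines, min_attempts=5, min_users=3):
    """Return {ip: stats} for IPs with many failures spread over several usernames."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        s = stats[m["rip"]]
        s["attempts"] += int(m["n"])   # Dovecot logs the attempt count per connection
        s["users"].add(m["user"])
        stamp = line[:15]              # classic syslog timestamp, e.g. "Apr  6 13:01:02"
        s["first"] = s["first"] or stamp
        s["last"] = stamp
    # A single user mistyping a password stays below both thresholds.
    return {ip: s for ip, s in stats.items()
            if s["attempts"] >= min_attempts and len(s["users"]) >= min_users}

def report(attackers):
    """One line per source IP, usable as a notification mail body or block-list comment."""
    return [f"{ip} attempts={s['attempts']} users={len(s['users'])} "
            f"first='{s['first']}' last='{s['last']}'"
            for ip, s in sorted(attackers.items())]

if __name__ == "__main__":
    print("\n".join(report(find_attackers(SAMPLE_LOG.splitlines()))))
```
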

