[Dovecot] script to detect dictionary attacks
Reindl Harald
h.reindl at thelounge.net
Sat Apr 6 15:43:42 EEST 2013
Am 06.04.2013 14:24, schrieb Benny Pedersen:
> Reindl Harald skrev den 2013-04-06 13:18:
>
>> has someone a script which can filter out dictionary attacks
>> from /var/log/maillog and notify about the source-IPs?
>
> yes i have :)
>
> pflogsumm
has to do what with IMAP/POP3 Logins?
>> i know about fail2ban and so on, but i would like to have
>> a mail with the IP address for two reasons and avoid fail2ban
>> at all because it does not match in the way we maintain firewalls
>
> its simple to make a filter that checks unknown user in postfix logs, its even more simple if one make syslog to
> sql, then postfix can live block that ip that sends to unknown users
but nobody speaks about postfix
>> * add the IP to a distributed "iptables-block.sh" and distribute
>> it to any server with a comment and timestamp
>> * write a abuse-mail to the ISP
>
> that would be cool, lol :)
what would be cool?
what *lol*?
i speak about a simple way to get a notify of the brute-forcing IP
and the both are MANUAL tasks i do since virtually forever
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130406/830e9844/attachment.bin>
More information about the dovecot
mailing list