[Dovecot] script to detect dictionary attacks
Stephen Davies
sdavies at sdc.com.au
Sun Apr 7 02:40:05 EEST 2013
Here is the simple script that I use to filter attacking sites.
It should be easy to add your extra bits (email etc).
Cheers,
Stephen
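#!/bin/sh
# today's date as it appears at the start of each log line
d=`date +"%b %d"`
# private temp file instead of a predictable /tmp/fw$$ name
fw=`mktemp /tmp/fw.XXXXXX` || exit 1
# one DROP rule per unique bracketed address on today's ruleset=check_rcp lines;
# only dotted-quad values are written, because this file is sourced by the shell below
grep "$d" /var/log/mail/info.log | grep ruleset=check_rcp |
  gawk '{split($0,q,/[\[\]]/)
         if (q[4] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
           print "/sbin/iptables -A INPUT -s " q[4] "/32 -j DROP"}' |
  sort -u > "$fw"
#reset iptable to base
/etc/rc.d/rc.fw > /dev/null 2>&1
#add new filter(s)
. "$fw"
rm -f "$fw"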
--
=============================================================================
Stephen Davies Consulting P/L Phone: 08-8177 1595
Adelaide, South Australia. Mobile:040 304 0583
Records & Collections Management.
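
An added example, not part of the original post: the same log-to-firewall idea with a per-address rejection threshold and strict IPv4 validation, printing the rules for review instead of applying them. The log layout, the sample lines and the function names (sample_log, offenders, block_rules) are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample lines (assumed sendmail layout, documentation-range IPs).
sample_log() {
cat <<'EOF'
Apr  7 02:31:10 mx sm-mta[2101]: r36H1: ruleset=check_rcpt, arg1=<a@example.org>, relay=[192.0.2.10], reject=550 5.1.1 User unknown
Apr  7 02:31:12 mx sm-mta[2101]: r36H1: ruleset=check_rcpt, arg1=<b@example.org>, relay=[192.0.2.10], reject=550 5.1.1 User unknown
Apr  7 02:31:15 mx sm-mta[2101]: r36H1: ruleset=check_rcpt, arg1=<c@example.org>, relay=host.example [192.0.2.10], reject=550 5.1.1 User unknown
Apr  7 02:40:01 mx sm-mta[2188]: r36H2: ruleset=check_rcpt, arg1=<typo@example.org>, relay=[198.51.100.7], reject=550 5.1.1 User unknown
Apr  7 02:41:09 mx sm-mta[2190]: r36H3: ruleset=check_rcpt, arg1=<x@[not-an-ip]>, relay=[203.0.113.5], reject=550 5.1.1 User unknown
Apr  7 02:42:00 mx sm-mta[2195]: r36H4: ruleset=check_rcpt, arg1=<y@example.org>, relay=[999.1.1.1], reject=550 5.1.1 User unknown
EOF
}

# offenders MIN: read log lines on stdin, print each relay address that has
# at least MIN check_rcpt rejections (default 3).
offenders() {
  awk -v min="${1:-3}" '
    function valid(s,   o, k) {          # strict dotted quad, octets 0-255
      if (split(s, o, ".") != 4) return 0
      for (k = 1; k <= 4; k++)
        if (o[k] !~ /^[0-9]+$/ || length(o[k]) > 3 || o[k] + 0 > 255) return 0
      return 1
    }
    /ruleset=check_rcpt/ {
      i = index($0, "relay=")            # anchor on the field, not bracket position
      if (!i) next
      r = substr($0, i); a = index(r, "["); b = index(r, "]")
      if (!a || b < a) next
      ip = substr(r, a + 1, b - a - 1)
      if (valid(ip)) n[ip]++
    }
    END { for (ip in n) if (n[ip] >= min) print ip }
  ' | sort
}

# block_rules MIN: print (never execute) one DROP rule per offender for review.
block_rules() {
  offenders "$1" | while read -r ip; do
    echo "/sbin/iptables -A INPUT -s $ip/32 -j DROP"
  done
}

sample_log | block_rules 3
```

A single mistyped recipient (198.51.100.7 in the sample) stays below the threshold, and the malformed 999.1.1.1 never reaches the rule list.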