[Dovecot] script to detect dictionary attacks

Stephen Davies sdavies at sdc.com.au
Sun Apr 7 02:40:05 EEST 2013


Here is the simplex script that I use to filter attacking sites.
It should be easy to add your extra bits (email etc).

Cheers,
Stephen

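#! /bin/sh
# Date in syslog format; %e space-pads the day ("Apr  7"), as syslog does
d=`date +"%b %e"`
# Private temp file instead of the predictable /tmp/fw$$
f=`mktemp /tmp/fw.XXXXXX` || exit 1
# Turn each of today's check_rcpt rejections into a DROP rule for the
# address found in the second [...] pair of the log line
grep "$d" /var/log/mail/info.log | grep ruleset=check_rcp | gawk '{split($0,q,/[\[\]]/);print "/sbin/iptables -A INPUT -s " q[4] "/32 -j DROP"}' | sort -u > "$f"
#reset iptable to base
/etc/rc.d/rc.fw > /dev/null 2>&1
#add new filter(s)
. "$f"
rm -f "$f"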

-- 
=============================================================================
Stephen Davies Consulting P/L                           Phone: 08-8177 1595
Adelaide, South Australia.                                Mobile:040 304 0583
Records & Collections Management.
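
Added example, not part of the original post: the script above sources text built from log lines as shell code, so this variant checks that every extracted value is a dotted-quad IPv4 address and hands it to iptables as an argument instead. The function names, the IPTABLES override variable and the sample log lines are assumptions made for illustration; the log layout assumed is sendmail's "ruleset=check_rcpt, arg1=..., relay=... [address]".

```shell
#!/bin/sh
# Constructed sample lines in sendmail syslog layout (documentation addresses only)
sample_log() {
    cat <<'EOF'
Apr  7 02:31:10 mx sm-mta[4101]: r36N1A: ruleset=check_rcpt, arg1=<a@example.net>, relay=[192.0.2.10], reject=550 5.7.1 <a@example.net>... Relaying denied
Apr  7 02:31:12 mx sm-mta[4101]: r36N1B: ruleset=check_rcpt, arg1=<b@example.net>, relay=[192.0.2.10], reject=550 5.7.1 <b@example.net>... Relaying denied
Apr  7 02:33:40 mx sm-mta[4177]: r36N3C: ruleset=check_rcpt, arg1=<c@[not-an-address]>, relay=host.example [198.51.100.7], reject=550 5.7.1 <c@[not-an-address]>... Relaying denied
Apr  7 02:35:02 mx sm-mta[4180]: r36N5D: ruleset=check_rcpt, arg1=<d@example.net>, relay=[203.0.113.999], reject=550 5.7.1 <d@example.net>... Relaying denied
Apr  6 23:59:59 mx sm-mta[3990]: r36M9E: ruleset=check_rcpt, arg1=<e@example.net>, relay=[192.0.2.44], reject=550 5.7.1 <e@example.net>... Relaying denied
EOF
}

# Print each distinct, valid relay IPv4 address from check_rcpt rejections
# logged on day $1 (syslog form, e.g. "Apr  7"); the log text arrives on stdin.
attackers() {
    awk -v day="$1" '
        index($0, day) == 1 && /ruleset=check_rcpt/ {
            # Read the address from the relay= field; arg1= holds text sent by the client
            if (!match($0, /relay=[^,]*\[[0-9.]+\]/)) next
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip); sub(/\]$/, "", ip)
            # Accept only four decimal octets, each 0-255
            ok = (split(ip, o, ".") == 4)
            for (i = 1; i <= 4 && ok; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (ok) print ip
        }' | sort -u
}

# Add one DROP rule per address read from stdin. The address is passed as an
# argument to iptables, so no generated text is ever run as shell code.
# IPTABLES is a hypothetical override for the binary path.
block() {
    while read -r ip; do
        "${IPTABLES:-/sbin/iptables}" -A INPUT -s "$ip/32" -j DROP
    done
}

# Dry run over the constructed sample: list the addresses that would be blocked
sample_log | attackers "Apr  7"
# Real use (hypothetical invocation, as root, after resetting the rule set):
#   attackers "$(date +'%b %e')" < /var/log/mail/info.log | block
```

On the third sample line the bracket-splitting approach would pick up the bracketed text inside arg1 rather than the relay address; here that line still yields its relay address, and the out-of-range address on the fourth line is dropped.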

