under some kind of attack
Robert Schetterer
rs at sys4.de
Wed Jul 19 00:50:50 EEST 2017
On 18.07.2017 at 22:53, mj wrote:
> Hi Robert,
>
> On 07/18/2017 10:15 PM, mj wrote:
>> Robert, your iptables suggestions are _very_ interesting! However,
>> will they also work on imaps/993, because of the ssl?
>
> I have adjusted and put into place your iptables suggestion like this:
>> iptables -I INPUT -p tcp --dport 143 -m string --algo bm --string '1q2w3e4r' -j DROP
>> iptables -I INPUT -p tcp --dport 993 -m string --algo bm --string '1q2w3e4r' -j DROP
Don't speculate, verify if your bots are using SSL, and what flows over
the wire if plain is used, you don't need to use 1q2w3e4r, I think you
can use any Dovecot answer that "means rejected", sorry, no time to test
myself.
>
> However, I don't think it's working, as the login attempts just keep
> coming. Probably the reason is: smtp is plain text, and imap TLS/SSL is
> not, so the rules never get triggered.
>
> MJ
Best Regards
Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
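
Added example, not part of the original thread: a small Python check for the "verify what flows over the wire" advice above. It classifies the first client payload of a connection as TLS or plaintext IMAP and tests whether a literal byte search, which is what the string match in the quoted rules performs, could see `1q2w3e4r`. The payloads are constructed samples, the function names are hypothetical, and it goes slightly beyond the thread by also covering `AUTHENTICATE PLAIN`, where the password is base64-encoded even without TLS.

```python
import base64
import re
import struct

NEEDLE = b"1q2w3e4r"  # the string used in the quoted iptables rules

# Constructed sample payloads (first client data on a connection), not captured traffic.
SASL = base64.b64encode(b"\0user@example.org\0" + NEEDLE)
SAMPLES = {
    "143 LOGIN": b"a1 LOGIN user@example.org " + NEEDLE + b"\r\n",
    "143 AUTHENTICATE PLAIN": b"a1 AUTHENTICATE PLAIN " + SASL + b"\r\n",
    # TLS handshake record header followed by a shortened ClientHello body
    "993 ClientHello": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(range(40)),
}

# tag, space, command word, optional arguments, CRLF
IMAP_LINE = re.compile(rb"[\x21-\x7e]+ [A-Za-z]+( [^\r\n]*)?\r\n")

def classify(payload: bytes) -> str:
    """Return 'tls', 'imap-plain' or 'unknown' for a first client payload."""
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03:
        (length,) = struct.unpack("!H", payload[3:5])  # TLS record length
        if 0 < length <= 16384:
            return "tls"
    if IMAP_LINE.fullmatch(payload):
        return "imap-plain"
    return "unknown"

def literal_hit(payload: bytes, needle: bytes = NEEDLE) -> bool:
    """Literal byte search over the payload, as a string match would do."""
    return needle in payload

def hit_after_base64(payload: bytes, needle: bytes = NEEDLE) -> bool:
    """True if some whitespace-separated token decodes (base64) to data holding the needle."""
    for token in payload.split():
        try:
            if needle in base64.b64decode(token, validate=True):
                return True
        except ValueError:  # not valid base64
            continue
    return False

def report():
    """Rows of (sample, kind, literal match, needle present only after base64 decoding)."""
    return [(name, classify(p), literal_hit(p),
             classify(p) == "imap-plain" and hit_after_base64(p))
            for name, p in SAMPLES.items()]

if __name__ == "__main__":
    for row in report():
        print("%-24s %-10s string-match=%-5s needle-in-base64=%s" % row)
```

Only the plaintext `LOGIN` sample is visible to a literal match; the port 993 sample is a TLS handshake record and the `AUTHENTICATE PLAIN` sample carries the password only in encoded form.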