Mail account brute force / harassment

Marc Roos M.Roos at f1-outsourcing.eu
Thu Apr 11 13:43:16 EEST 2019


Please do not assume anything other than what is written, it is a 
hypothetical situation

 
A. With the fail2ban solution
   - you 'solve' that the current ip is not able to access you
   - it will continue bothering other servers and admins
   - you get the next abuse host to give a try.

B. With 500GB dump
 - the owner of the attacking server (probably hacked) will notice it 
will be forced to take action.


If abuse clouds are smart (most are) they would notice that attacking my 
servers, will result in the loss of abuse nodes, hence they will not 
bother me anymore. 

If every one would apply strategy B, the abuse problem would get less. 
Don't you agree??






-----Original Message-----
From: Odhiambo Washington  
Sent: donderdag 11 april 2019 12:28
To: Marc Roos
Cc: dovecot
Subject: Re: Mail account brute force / harassment



On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot 
<dovecot at dovecot.org> wrote:




	Say for instance you have some one trying to constantly access an 
	account
	
	
	Has any of you made something creative like this:
	
	* configure that account to allow to login with any password
	* link that account to something like /dev/zero that generates 
infinite 
	amount of messages
	  (maybe send an archive of virusses?)
	* transferring TB's of data to this harassing client.
	
	I think it would be interesting to be able to do such a thing.
	
	


Instead of being evil, just use fail2ban to address this problem :-)  

-- 

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)




More information about the dovecot mailing list