Mail account brute force / harassment

Joseph Tam jtam.home at gmail.com
Fri Apr 12 01:20:33 EEST 2019


On Thu, 11 Apr 2019, Marc Roos wrote:

> Say for instance you have some one trying to constantly access an
> account
>
> Has any of you made something creative like this:
>
> * configure that account to allow to login with any password
> * link that account to something like /dev/zero that generates infinite
> amount of messages
>  (maybe send an archive of virusses?)
> * transferring TB's of data to this harassing client.
>
> I think it would be interesting to be able to do such a thing.

As would finding the person responsible and outing them in public --
both are fantasies that do not scale to practice.

It's a costly countermeasure, and do you really want to engage in
an internet fistfight where your opponent has anonymity, access to
compromised servers or botnet, and no scruples against launching a DDoS
attacks against you?

Block them and move on.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list