Mail account brute force / harassment
Jean-Daniel Dupas
jddupas at xooloo.com
Fri Apr 12 18:05:54 EEST 2019
> Le 11 avr. 2019 à 12:23, Marc Roos via dovecot <dovecot at dovecot.org> a écrit :
>
>
>
> Say for instance you have some one trying to constantly access an
> account
>
>
> Has any of you made something creative like this:
>
> * configure that account to allow to login with any password
> * link that account to something like /dev/zero that generates infinite
> amount of messages
> (maybe send an archive of virusses?)
> * transferring TB's of data to this harassing client.
>
> I think it would be interesting to be able to do such a thing.
As long as you have infinite bandwidth, that may be fun, but it is not the case for most people operating a mail server I think.
For theses clients, I simply have fail2ban and DROP packages of blocked IP (I prefer to DROP because I don't want to waste resources responding that the connection is refused).
More information about the dovecot
mailing list