<div dir="ltr"><div>Marc,</div><div><br></div><div>There is a strategy loosely referred to as "choose your battles well" :-)</div><div>Let the others bother with their own problems.</div><div>If you can, hack the server and dump the 500GB - you'll be using resources transferring the 500GB as the</div><div>other server receives it. Two servers wasting resources because you think you are punishing an offender!</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 11 Apr 2019 at 13:43, Marc Roos <<a href="mailto:M.Roos@f1-outsourcing.eu">M.Roos@f1-outsourcing.eu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Please do not assume anything other than what is written, it is a <br>
hypothetical situation<br>
<br>
<br>
A. With the fail2ban solution<br>
- you 'solve' that the current ip is not able to access you<br>
- it will continue bothering other servers and admins<br>
- you get the next abuse host to give a try.<br>
<br>
B. With 500GB dump<br>
- the owner of the attacking server (probably hacked) will notice it <br>
will be forced to take action.<br>
<br>
<br>
If abuse clouds are smart (most are) they would notice that attacking my <br>
servers, will result in the loss of abuse nodes, hence they will not <br>
bother me anymore. <br>
<br>
If every one would apply strategy B, the abuse problem would get less. <br>
Don't you agree??<br>
<br>
<br>
<br>
<br>
<br>
<br>
-----Original Message-----<br>
From: Odhiambo Washington <br>
Sent: donderdag 11 april 2019 12:28<br>
To: Marc Roos<br>
Cc: dovecot<br>
Subject: Re: Mail account brute force / harassment<br>
<br>
<br>
<br>
On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <br>
<<a href="mailto:dovecot@dovecot.org" target="_blank">dovecot@dovecot.org</a>> wrote:<br>
<br>
<br>
<br>
<br>
Say for instance you have some one trying to constantly access an <br>
account<br>
<br>
<br>
Has any of you made something creative like this:<br>
<br>
* configure that account to allow to login with any password<br>
* link that account to something like /dev/zero that generates <br>
infinite <br>
amount of messages<br>
(maybe send an archive of virusses?)<br>
* transferring TB's of data to this harassing client.<br>
<br>
I think it would be interesting to be able to do such a thing.<br>
<br>
<br>
<br>
<br>
Instead of being evil, just use fail2ban to address this problem :-) <br>
<br>
-- <br>
<br>
Best regards,<br>
Odhiambo WASHINGTON,<br>
Nairobi,KE<br>
+254 7 3200 0004/+254 7 2274 3223<br>
"Oh, the cruft.", grep ^[^#] :-)<br>
<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254 7 3200 0004/+254 7 2274 3223<br>"<span style="font-size:12.8px">Oh, the cruft.</span><span style="font-size:12.8px">", </span><span style="font-size:12.8px">grep ^[^#] :-)</span></div></div></div></div></div></div>