<div dir="ltr">All your approaches are not well thought out.<div>The best solutions are always the simplest ones.</div><div>KISS principle dictates so.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 11 Apr 2019 at 15:01, Marc Roos <<a href="mailto:M.Roos@f1-outsourcing.eu">M.Roos@f1-outsourcing.eu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <br>
How long have we been using the current strategy? Do we have less or <br>
more abuse clouds operating? <br>
<br>
"Let the others bother with their own problems." is a bit narrow minded <br>
view. If every one on this mailing list would have this attitude, there <br>
would be no single answer to your question.<br>
<br>
<br>
-----Original Message-----<br>
From: Odhiambo Washington [mailto:<a href="mailto:odhiambo@gmail.com" target="_blank">odhiambo@gmail.com</a>] <br>
Sent: donderdag 11 april 2019 12:54<br>
To: Marc Roos<br>
Cc: dovecot<br>
Subject: Re: Mail account brute force / harassment<br>
<br>
Marc,<br>
<br>
There is a strategy loosely referred to as "choose your battles well" <br>
:-) <br>
If you can, hack the server and dump the 500GB - you'll be using <br>
resources transferring the 500GB as the other server receives it. Two <br>
servers wasting resources because you think you are punishing an <br>
offender!<br>
<br>
<br>
On Thu, 11 Apr 2019 at 13:43, wrote:<br>
<br>
<br>
Please do not assume anything other than what is written, it is a <br>
hypothetical situation<br>
<br>
<br>
A. With the fail2ban solution<br>
- you 'solve' that the current ip is not able to access you<br>
- it will continue bothering other servers and admins<br>
- you get the next abuse host to give a try.<br>
<br>
B. With 500GB dump<br>
- the owner of the attacking server (probably hacked) will notice <br>
it <br>
will be forced to take action.<br>
<br>
<br>
If abuse clouds are smart (most are) they would notice that <br>
attacking my <br>
servers, will result in the loss of abuse nodes, hence they will <br>
not <br>
bother me anymore. <br>
<br>
If every one would apply strategy B, the abuse problem would get <br>
less. <br>
Don't you agree??<br>
<br>
<br>
<br>
<br>
<br>
<br>
-----Original Message-----<br>
From: Odhiambo Washington <br>
Sent: donderdag 11 april 2019 12:28<br>
To: Marc Roos<br>
Cc: dovecot<br>
Subject: Re: Mail account brute force / harassment<br>
<br>
<br>
<br>
On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <br>
<<a href="mailto:dovecot@dovecot.org" target="_blank">dovecot@dovecot.org</a>> wrote:<br>
<br>
<br>
<br>
<br>
Say for instance you have some one trying to constantly <br>
access an <br>
account<br>
<br>
<br>
Has any of you made something creative like this:<br>
<br>
* configure that account to allow to login with any <br>
password<br>
* link that account to something like /dev/zero that <br>
generates <br>
infinite <br>
amount of messages<br>
(maybe send an archive of virusses?)<br>
* transferring TB's of data to this harassing client.<br>
<br>
I think it would be interesting to be able to do such a <br>
thing.<br>
<br>
<br>
<br>
<br>
Instead of being evil, just use fail2ban to address this problem <br>
:-) <br>
<br>
-- <br>
<br>
Best regards,<br>
Odhiambo WASHINGTON,<br>
Nairobi,KE<br>
+254 7 3200 0004/+254 7 2274 3223<br>
"Oh, the cruft.", grep ^[^#] :-)<br>
<br>
<br>
<br>
<br>
<br>
<br>
-- <br>
<br>
Best regards,<br>
Odhiambo WASHINGTON,<br>
Nairobi,KE<br>
+254 7 3200 0004/+254 7 2274 3223<br>
"Oh, the cruft.", grep ^[^#] :-)<br>
<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254 7 3200 0004/+254 7 2274 3223<br>"<span style="font-size:12.8px">Oh, the cruft.</span><span style="font-size:12.8px">", </span><span style="font-size:12.8px">grep ^[^#] :-)</span></div></div></div></div></div>