
Re: attack pop3/imap/smtp



michal krajcirovic wrote:
> Hello,
> addresses the delicate problem :-) The customer has on our mailserver
> your domain, there about 10 mailboxes. The problem is that the
> connections are constantly on the pop3/imap/smtp
> random@customerdomain.cz. That an attack sometimes appears is normal,
> but this problem has lasted more than a month; for example, over the
> last 12 hours we have had more than 340 000 invalid logins (or
> attempts at them) to an invalid address.
>
> I installed fail2ban, but the problem persists, the majority of the IP
> request comes just a few.
>
> Does someone have a solution?
>
> m.
>
>

Some solutions exist. It depends on one thing: is it always the
same IP, or a new one at each attack?

You can use iptables to drop packets from the attacking IP(s), or you can
put the IP(s) into /etc/hosts.deny.

You can also try to submit an abuse report to the IP's ISP (just do a
"whois" on the IP).

-- 
http://snurf.info - http://about-gnulinux.info
Host your free projects: http://freehosting.snurf.info
« Honesty is the best policy »
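
An added example, not part of the thread: a way to answer the "same IP or a new one each time?" question from the mail log and to print iptables DROP rules for the repeat offenders. The log format, the sample lines, the threshold and the function names are assumptions; adapt the match to what your POP3/IMAP/SMTP daemons actually log.

```shell
#!/bin/sh
# Added example (not from the thread). Log format and threshold are assumptions.
THRESHOLD=3   # failed logins per source IP before a DROP rule is proposed

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
Jan 10 03:00:01 mx pop3: auth failed user=<abc@customerdomain.cz> rip=203.0.113.5
Jan 10 03:00:02 mx imap: auth failed user=<qwe@customerdomain.cz> rip=203.0.113.5
Jan 10 03:00:02 mx pop3: auth failed user=<xyz@customerdomain.cz> rip=198.51.100.7
Jan 10 03:00:03 mx smtp: auth failed user=<foo@customerdomain.cz> rip=203.0.113.5
Jan 10 03:00:04 mx pop3: auth failed user=<bar@customerdomain.cz> rip=198.51.100.7
Jan 10 03:00:05 mx imap: auth failed user=<x rip=192.0.2.200> rip=192.0.2.9
Jan 10 03:00:06 mx pop3: login ok user=<info@customerdomain.cz> rip=192.0.2.10
Jan 10 03:00:07 mx imap: auth failed user=<baz@customerdomain.cz> rip=198.51.100.7
Jan 10 03:00:08 mx pop3: auth failed user=<zed@customerdomain.cz> rip=192.0.2.44
EOF
}

# stdin: log lines. stdout: "count ip", highest count first.
# Only the LAST field is trusted as the source address: the user name is chosen
# by the client and may itself contain a fake "rip=" (see the 03:00:05 line).
failures_by_ip() {
    awk '/auth failed/ && $NF ~ /^rip=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             n[substr($NF, 5)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# stdin: "count ip". stdout: percent of all failures caused by IPs >= threshold $1.
heavy_share() {
    awk -v t="$1" '{ all += $1; if ($1 >= t) heavy += $1 }
                   END { printf "%d\n", all ? heavy * 100 / all : 0 }'
}

# stdin: "count ip". stdout: one DROP rule per IP >= threshold $1, limited to
# the smtp/pop3/imap ports. Rules are printed for review, not executed.
drop_rules() {
    awk -v t="$1" '$1 >= t {
        print "iptables -I INPUT -s " $2 " -p tcp -m multiport --dports 25,110,143 -j DROP"
    }'
}

sample_log | failures_by_ip
echo "share from repeat offenders: $(sample_log | failures_by_ip | heavy_share "$THRESHOLD")%"
sample_log | failures_by_ip | drop_rules "$THRESHOLD"
```

A high share means a short block list covers most of the traffic; a low share means the sources rotate and per-IP rules will not keep up.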

