Hello,
seeing this:
and taking in account that there is a NIDS taking care of this intruder but wanting to limit the amount of brute force attempts (from let's say 8 attempts to 3), is there a way to limit the frequency of authentication requests coming from the same IP in mail/postfix?
seeing this:
Code:
Sep 20 03:24:51 mail postfix/smtpd[52421]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:48 mail postfix/smtpd[52421]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:45 mail postfix/smtpd[52421]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:43 mail postfix/smtpd[52421]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:40 mail postfix/smtpd[52421]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:37 mail postfix/smtpd[51808]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:35 mail postfix/smtpd[51808]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Sep 20 03:24:32 mail postfix/smtpd[51808]: warning: xx-xx-xx-xx-xx.xxxxxx.com[x.x.x.x]: SASL LOGIN authentication failed:
Last edited by a moderator: