I have a small mail server using Postfix 2.9.1. Many times since bringing it online, I've had machines from random places around the world try to guess passwords, my hunch is to use my server to spam. While I'm confident that they have not yet been able to break in, the server slows considerably for legitimate use while such an attack is happening. The person yesterday tried logging in over 19,000 times using different names.
I do not know if what I'm thinking is possible, but it makes enough sense that I'm sure somebody's already thought of it and made something to do exactly this. I've googled for quite a while and haven't been able to find what I'm looking for though; I'm probably just searching with the wrong terms.
My idea is to limit how many failed login attempts are allowed from a given IP address during a specified period of time. For example, if someone tries to login with the wrong password 10 times in a 2 minutes, assume that they're trying to break in and disallow connections from that IP for 10 minutes.
Does anyone know if such an animal already exists and what it might be called? (I don't mind searching & learning on my own - just haven't been able to find anything so far.
)
I do not know if what I'm thinking is possible, but it makes enough sense that I'm sure somebody's already thought of it and made something to do exactly this. I've googled for quite a while and haven't been able to find what I'm looking for though; I'm probably just searching with the wrong terms.
My idea is to limit how many failed login attempts are allowed from a given IP address during a specified period of time. For example, if someone tries to login with the wrong password 10 times in a 2 minutes, assume that they're trying to break in and disallow connections from that IP for 10 minutes.
Does anyone know if such an animal already exists and what it might be called? (I don't mind searching & learning on my own - just haven't been able to find anything so far.
)