I have a small mail server using Postfix 2.9.1. Many times since bringing it online, I've had machines from random places around the world try to guess passwords; my hunch is to use my server to spam. While I'm confident that they have not yet been able to break in, the server slows considerably for legitimate use while such an attack is happening. The person yesterday tried logging in over 19,000 times using different names.
I do not know if what I'm thinking is possible, but it makes enough sense that I'm sure somebody's already thought of it and made something to do exactly this. I've googled for quite a while and haven't been able to find what I'm looking for though; I'm probably just searching with the wrong terms.
My idea is to limit how many failed login attempts are allowed from a given IP address during a specified period of time. For example, if someone tries to log in with the wrong password 10 times in 2 minutes, assume that they're trying to break in and disallow connections from that IP for 10 minutes.
Does anyone know if such an animal already exists and what it might be called? (I don't mind searching & learning on my own - just haven't been able to find anything so far.)
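The rule described in the question (10 failed logins from one IP within 2 minutes, then a 10-minute block), worked through as an added example that is not part of the original post. The log lines are constructed in the style of Postfix smtpd SASL failure warnings; the function names, the `year` argument, the host name and the addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 10                   # thresholds taken from the question
WINDOW = timedelta(minutes=2)
BAN_TIME = timedelta(minutes=10)

# Assumed log shape: Postfix smtpd warning for a failed SASL login.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

def find_bans(lines, year=2024):
    """Return [(ip, ban_start, ban_end)]; syslog omits the year, so it is assumed."""
    recent = defaultdict(deque)     # ip -> failure times inside the window
    banned_until = {}
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, now) > now:
            continue                # still blocked: attempt would never reach auth
        q = recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            banned_until[ip] = now + BAN_TIME
            bans.append((ip, now, now + BAN_TIME))
            q.clear()               # start counting afresh after the ban
    return bans

def failure_line(ts, ip):
    """Build one constructed failure line (host name and PID are made up)."""
    return (f"Mar 12 {ts} mail postfix/smtpd[4321]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

# Constructed sample: one guesser (12 failures in 33 s), one user with 3 typos.
SAMPLE_LOG = (
    [failure_line(f"10:00:{s:02d}", "203.0.113.7") for s in range(0, 36, 3)]
    + [failure_line(f"10:{m:02d}:00", "198.51.100.20") for m in (1, 4, 9)]
    + ["Mar 12 10:02:00 mail postfix/smtpd[4321]: connect from unknown[192.0.2.5]"])

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"block {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The function only decides when a block should start and end; enforcing it (for example with a firewall rule) is a separate step.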
