Once upon a time, Nick Jennings <nick@(protected):
> Thanks for your response. I should have mentioned that this server is
> meant to be a hosting server for both web and mail, and there is no way
> to effectively restrict based on trusted clients.
>
> Is there anything else perhaps more general for if not preventing, then
> deterring and slowing down this kind of attack?

Basically, if you plug a server into the Internet, it _will_ be
attacked. POP, IMAP, SMTP, SSH, FTP, and more will be probed, looking
for valid usernames/passwords (so always enforce password security on
your users).

I know denyhosts (in EPEL) can watch the SSH log and add bad IPs to
/etc/hosts.deny, but I don't know if it can parse dovecot log entries as
well.

--
Chris Adams <cmadams@(protected)>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list