1

Topic: spambots continues login attempts

I have continues attempts to login to my mail server from sime kind of spam bot. What kind of measures can be taken against this?
Is policy supposed to block these attempts, and not working properly?
For the moment I blocked this ip address with iptables. Here comes a part of my dovecot.log with attempts every second

dovecot: 2010-03-19 01:37:55 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<access@example.com>, method=PLAIN, rip=66.45.253.138, lip=server_ip
dovecot: 2010-03-19 01:37:55 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<pwrchute@example.com>, method=PLAIN, rip=66.45.253.138, lip=server_ip
dovecot: 2010-03-19 01:37:56 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<access@example.com>, method=PLAIN, rip=66.45.253.138, lip=188.40.95.111
dovecot: 2010-03-19 01:37:56 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<account@example.com>, method=PLAIN, rip=66.45.253.138, lip=server_ip
dovecot: 2010-03-19 01:37:57 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<pwrchute@example.com>, method=PLAIN, rip=66.45.253.138, lip=server_ip
dovecot: 2010-03-19 01:37:57 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<pwrchute@example.com>, method=PLAIN, rip=66.45.253.138, lip=server_ip
dovecot: 2010-03-19 01:37:57 Info: pop3-login: Aborted login (auth failed, 1 attempts): user=<access@example.com>, method=PLAIN, rip=66.45.253.138, lip=server_ip

Any suggestions? Very appreciated

2

Re: spambots continues login attempts

Google 'fail2ban'