qmail submission-login brute force

Post Reply
ServerDude
Junior Member
Posts: 6
Joined: 16 Sep 2021, 10:41

qmail submission-login brute force

Post by ServerDude »

Good Morning,

We're running Interworx servers with qmail and have noticed that submission-logins aren't being blocked. Below is what the log entries look like in dovecot.log

Sep 15 11:01:23 submission-login: Info: Remote closed connection (auth failed, 1 attempts in 3 secs): user=, method=LOGIN, rip=, lip=, TLS, session=

We can sometimes see a few hundred attempts an hour from a single IP. Is there a regex for this type of attack?
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: qmail submission-login brute force

Post by Sergio »

Hi.
You can create your own regex that should be written at /usr/local/csf/bin/regex.custom.pm

That is a nice way to block anything.
Post Reply