For wrong auth , how to block IP or introduce delay for sender in real time ?

Jayesh Shinde jayesh.shinde at netcore.co.in
Sat Oct 17 03:36:18 EDT 2015


Hello all  ,

I am having mailserver with centos 6.3 + cyrus-imad + postfix + ldap
We are using cyrus-sasl-2.1.23-13.el6.x86_64  with 'PAM' Mechanism .

Many spammer are trying to hack password for doing many authentication  
with pop3 + imap + smtp  services.
on server Fail2ban hass been  added , but its blocking hacker IPs after 
certain interval  and not in real time.  Which is the actual issue.

I am looking for some real-time blocking where that particular spammer 
IP + email id must get block  .

I believe this issue is very common with other too ,  is there any 
option in 'saslauthd'  /  postfix  / cyrus-imapd for below requirement ?

1)  If server receive the wrong password , then is it possible to 
introduce the delay of say 5-10 seconds to sender client ? So that 
spammer will do less attempt ?
2)  After given wrong password attempt more than 3 time , the particular 
"IP + email id" must get block for next 5-10 min.
And then need to unblock after  that.
3) I check PAM-ABL , but its not working for 'saslauthd'' with pop / 
imap / smtp . Because I came to know that 'saslauthd'' is not getting IP 
of source .
How to pass  source IP to "saslauthd''  along with email id , password 
and relam .  Is there any patch available for this ?

Please suggest

Regards
Jayesh Shinde


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20151017/4ce6f3f7/attachment.html 


More information about the Cyrus-sasl mailing list