For wrong auth , how to block IP or introduce delay for sender in real time ?

Marcus Schopen lists at localguru.de
Sat Oct 17 07:03:16 EDT 2015


Hi Jayesh ,

Am Samstag, den 17.10.2015, 13:06 +0530 schrieb Jayesh Shinde:
> Hello all  , 
> 
> I am having mailserver with centos 6.3 + cyrus-imad + postfix + ldap 
> We are using cyrus-sasl-2.1.23-13.el6.x86_64  with 'PAM' Mechanism . 
> 
> Many spammer are trying to hack password for doing many authentication
> with pop3 + imap + smtp  services. 
> on server Fail2ban hass been  added , but its blocking hacker IPs
> after certain interval  and not in real time.  Which is the actual
> issue. 
> 
> I am looking for some real-time blocking where that particular
> spammer IP + email id must get block  .

I'm using fail2ban too and I don't understand what you mean by "real
time". In my configuration the ban is set immediately after three failed
logins (no delay) and for more extended banning of persistent abusers I
use the recidive filter.


> I believe this issue is very common with other too ,  is there any
> option in 'saslauthd'  /  postfix  / cyrus-imapd for below
> requirement ? 
> 
> 1)  If server receive the wrong password , then is it possible to
> introduce the delay of say 5-10 seconds to sender client ? So that
> spammer will do less attempt ?
> 2)  After given wrong password attempt more than 3 time , the
> particular "IP + email id" must get block for next 5-10 min. 
> And then need to unblock after  that.  
> 3) I check PAM-ABL , but its not working for 'saslauthd'' with pop /
> imap / smtp . Because I came to know that 'saslauthd'' is not getting
> IP of source .  
> How to pass  source IP to "saslauthd''  along with email id , password
> and relam .  Is there any patch available for this ? 
> 

Ciao!



More information about the Cyrus-sasl mailing list