qmail submission-login brute force
Posted: 16 Sep 2021, 10:56
Good Morning,
We're running Interworx servers with qmail and have noticed that submission-logins aren't being blocked. Below is what the log entries look like in dovecot.log
Sep 15 11:01:23 submission-login: Info: Remote closed connection (auth failed, 1 attempts in 3 secs): user=, method=LOGIN, rip=, lip=, TLS, session=
We can sometimes see a few hundred attempts an hour from a single IP. Is there a regex for this type of attack?
We're running Interworx servers with qmail and have noticed that submission-logins aren't being blocked. Below is what the log entries look like in dovecot.log
Sep 15 11:01:23 submission-login: Info: Remote closed connection (auth failed, 1 attempts in 3 secs): user=, method=LOGIN, rip=, lip=, TLS, session=
We can sometimes see a few hundred attempts an hour from a single IP. Is there a regex for this type of attack?