View Single Post
  #7  
Old 29th March 2013, 12:59
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 89 Times in 68 Posts
Default

Quote:
Originally Posted by compugraphix View Post
if i was you i would install fail2ban and turn it on for courier-pop3(-ssl), courier-imap(-ssl) and smtp configuration and try to move your clients over to the ssl variant of your mail setup cause this is much more secure.

Could be somebody hacked the password of a mail user via bruteforce or some other way
I agree.

You can check if fail2fan is working with:

Code:
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf
(example in ubuntu for the sasl filter)

You can check pop3, imap and so on as well. The report will give you something like this(bottom):

Code:
Success, the total number of match is 43
Reply With Quote