Thanks for the tips guys!
I'll set up mail for ssl and try to move my clients over asap.
Concerning the fail2ban rules: I have some rules, following this tutorial:
So I got a rule for sasl that looks like this:
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl
logpath = /var/log/mail.log
maxretry = 3
When I check the logs with the command suggested by pititis "fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf" I don't get any results though.
But in the attack on my server, the user apparently logged in with the correct (hacked) password, so I guess the sasl rule doesn't trigger in that case, is that right?
@leonheart82: Can you tell me which sasl rule you use? I'm curious about that, as it seems to be working.
Which fail2ban rules would be responsible to block a single account from sending huge amounts of mails? Or do I just need a simple postfix rule for that?
@compugraphix: do you have any suggestions for courier-pop3(-ssl), courier-imap(-ssl) and smtp settings for fail2ban, or a good tutorial? I found this one: http://www.howtoforge.de/anleitung/v...f-debian-etch/
but it's from 2007, and there's no smtp rule.
Thanks again for the help. You never stop learning here.
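Added example, not part of the original post: a small Python log check showing why a filter keyed on failed SASL logins sees nothing when a stolen password is used, while counting accepted submissions per `sasl_username` does surface the account. The two regexes are simplified approximations of Postfix smtpd log lines (an assumption, not the shipped fail2ban filter), the log lines are constructed, and the count covers the whole excerpt rather than a time window.

```python
import re
from collections import Counter

# Simplified approximations of the two Postfix smtpd line shapes (assumed formats).
FAILED = re.compile(r"warning: \S+\[(?P<ip>[\d.]+)\]: SASL \S+ authentication failed")
AUTHED = re.compile(r"client=\S+\[(?P<ip>[\d.]+)\], sasl_method=\S+, sasl_username=(?P<user>\S+)")

def failed_logins_by_ip(lines):
    """What a failed-auth filter sees: rejected SASL attempts per client IP."""
    return Counter(m["ip"] for m in map(FAILED.search, lines) if m)

def authed_mail_by_user(lines):
    """Accepted authenticated submissions per SASL account."""
    return Counter(m["user"] for m in map(AUTHED.search, lines) if m)

def flag_accounts(lines, limit):
    """Accounts whose authenticated submissions exceed `limit` in this excerpt."""
    return sorted(u for u, n in authed_mail_by_user(lines).items() if n > limit)

def build_sample():
    """Constructed log excerpt: addresses, queue IDs and accounts are made up."""
    pre = "Mar  3 10:0{}:00 mx postfix/smtpd[2101]: "
    lines = [pre.format(0) + "warning: unknown[203.0.113.9]: SASL LOGIN "
             "authentication failed: authentication failure"] * 2
    lines.append(pre.format(1) + "1A2B3C: client=unknown[192.0.2.10], "
                 "sasl_method=PLAIN, sasl_username=alice@example.com")
    lines += [pre.format(2) + f"4D5E6F{i}: client=unknown[198.51.100.7], "
              "sasl_method=LOGIN, sasl_username=bob@example.com" for i in range(6)]
    return lines

if __name__ == "__main__":
    sample = build_sample()
    print("failed by IP:", dict(failed_logins_by_ip(sample)))
    print("sent by user:", dict(authed_mail_by_user(sample)))
    print("over limit  :", flag_accounts(sample, limit=5))
```

The client that sent as the over-limit account never appears in the failed-login counts, which is the case a failed-auth jail cannot catch.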