add parameters for "Login guessing protection"
I I have lot's of smtp and pop login attacks of robots on my server.
I would like to automatically blacklist IP who do this attack but I can't.
The robot do that (for exemple) :
He try to log in with a list of random users name just one time :
and do this for arround 50 users.
After, it starts again from the beginning
The IP of robot is the same but because the time between 2 attempts is long, the "Login guessing protection" security doesn't blacklist IP of this attack.
You could add parameters for this section with delay, number of attemps, blocking time, etc...to improve this section.
Robert Eldredge commented
See harvest attack that has higher votes.
Great idea! The only concern I have with this is that if you are using a third party anti-spam solution that serves as your MX records, then having this automatic blocking in place would stop all email from coming in.
Paul Petrov commented
Excellent suggestion - Kerio should automatically block IP addresses suspected of SMTP bruteforce / Dictionary attacks.
For example, if there are more than 5 attempts to connect from the same IP:
On the 5th attack attempt Kerio should block the source IP permanantly - with the option to manually release later.