Blocking Ip After Smtp-maxerrors Reached, How to block an IP for a specific time?

[guru meditation]

I looked through the recent logfiles and see that, despite grey- and blacklisting (spamhaus) there are servers that try to send mails to dozens of non-existent email addresses. Even when the limit set in SMTP-MaxErrors (right now 4) is reached, they immediately reconnect and continue their stupid trial and error.

Is there any way to blacklist these servers for some time, say 30 seconds and refuse further connections from these IP addresses? Can this be implemented in a way that XMail doesn't even accept connections? Because filters can only react when the connection is already established again.

The problem for a script would be that it does not know whether XMail dropped the connection due to the maximum errors set in SMTP-MaxErrors.

[yartax]

Hi

This feature is in my interest too. every day I got thousands of connections trying to break emails accounts. My router often display many connections at a regular interval (says 30 tries per minute more or les) trying to break password.

Is there any manner to block the incoming IP request to smtp/pop after many unsuccessful retries with wrong accound/password?

Regards
Julian

[Digdug]

You could use a IDS firewall with Snort. It will also block POP3 brute force attempts.