I'm seeing a large number of brute-force attacks on Dovecot with credentials for a domain that is indeed hosted on the server, but for which the MX records have been configured to point to Google's mailservers. In other words: anything e-mail related is not handled at this server, so the attacks make no sense at all. But I guess checking the MX records is asking too much from hackers that are just copy-pasting dumb scripts hoping to find the right login/password combination by brute forcing.
Anyway, I was thinking: is there a way to just block any Dovecot or Exim attempt on a certain domain/user? I've found this thread from 2013, but I'm not sure if it applies to my situation. Will Martynas' solution work in this case?