SMTP Auth Delay

[hci]

I often see my email server hammered with SMTP authentication attempts attempting to guess passwords. "535 Incorrect authentication data" Is there a way to ratelimit them so after an IP has failed say 20 attempts to put a 10 second or so delay between each attempt?

Is there also a way to block an SMTP authentication attempt from a given IP address?

 

[Richard G]

You can youse CSF/LFD (configserver firewall) which is free. We use it on all our servers, it also detects these authentication attemps they will be blocked automatically. Indefinately or temporarily, depending on how you set it up.