One of the problems I've noticed recently is that there are constant attacks against the email server.

These attacks are:

  • POP3 dictionary attacks, where the attacker connects to the POP3 server and constantly tries a new user name and password for each connection.
  • SMTP AUTH attacks, where the attacker connects to the SMTP server and constantly tries out unique user names and passwords in a single session.

After identifying these attacks, I reviewed the email server architecture and checked for ways to beef up the email server.

Eventually, I determined that the best way to protect against these attacks is to develop new extensions for the email server.

These extensions protect the email server by rejecting IPs that have connected too frequently, and placing these IPs on a blacklist.
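The rejection logic described above can be sketched as a sliding-window counter per IP. This is an added example, not the extension code from the email server; the class name, the thresholds and the blacklist expiry are assumptions, and the connection events are constructed sample data.

```python
from collections import defaultdict, deque

class ConnectionThrottle:
    """Reject IPs that connect too often and keep them on a blacklist."""

    def __init__(self, max_connections=5, window_seconds=60, blacklist_seconds=3600):
        # All three thresholds are assumed values, not taken from the post.
        self.max_connections = max_connections
        self.window_seconds = window_seconds
        self.blacklist_seconds = blacklist_seconds
        self.recent = defaultdict(deque)   # ip -> timestamps of recent connections
        self.blacklist = {}                # ip -> time at which the block expires

    def allow(self, ip, now):
        """Return True to accept the connection, False to reject it."""
        expires = self.blacklist.get(ip)
        if expires is not None:
            if now < expires:
                return False
            del self.blacklist[ip]         # block has expired
        times = self.recent[ip]
        # Drop connections that have fallen out of the sliding window.
        while times and now - times[0] >= self.window_seconds:
            times.popleft()
        times.append(now)
        if len(times) > self.max_connections:
            self.blacklist[ip] = now + self.blacklist_seconds
            del self.recent[ip]
            return False
        return True

def replay(events, throttle):
    """Feed (timestamp, ip) connection events through the throttle."""
    return [(ts, ip, throttle.allow(ip, ts)) for ts, ip in events]

# Constructed sample: 203.0.113.9 opens a POP3 connection every 2 seconds,
# while 198.51.100.4 is a normal client polling every 5 minutes.
SAMPLE_EVENTS = sorted(
    [(t, "203.0.113.9") for t in range(0, 20, 2)]
    + [(t, "198.51.100.4") for t in (0, 300, 600)]
)

if __name__ == "__main__":
    for ts, ip, ok in replay(SAMPLE_EVENTS, ConnectionThrottle()):
        print(f"t={ts:>4}s {ip:<14} {'accept' if ok else 'reject'}")
```

Counting connections catches the POP3 pattern; for the SMTP AUTH pattern, where many attempts arrive in a single session, the same counter would have to be fed once per failed AUTH attempt instead.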

The email server is currently being monitored for the effectiveness of these extensions.