This program design to detects the brute force attack of Mail.
Basically, it is detected through Scapy. When the conditions are met, Use iptables for post-processing protection.
Only for the mail service provided by postfix and dovecot.
Other related packages are not tested. But modified through syslog and regular expressions. it should work.
Python Version : 2.7.13
Postfix and Dovecot need to enable the SASL (Default : disable).
The scapy library needs to be downloaded and installed.
- Clone.
- Create a passlist.txt in the same directory as passlist.txt.
- Enter the whitelisted IP into the file.
- Notice attention to permissions and paths
- Set manual execution or execution at startup, but remember, it should be tested first.