OzPHB wrote:You can also use rate-limiting rules in your firewall. This for SSH brute force attacks:
rule 4 { action drop description "SSH Bruteforce prevention" destination { port 22 } log disable protocol tcp recent { count 3 time 600 } state { established disable invalid disable new enable related disable } }You could adapt it for mailserver by changing it to refer to port 25 (and any other ports your mailserver uses/is being attacked on).
The problem is that the mail server must accept multiple connections per second, just not hours/days on end.
