I am getting brute forced on my email server, IMAP and POP3. I have the full package of ASL installed, but it just sends me the OSSEC logs. How can I ban the IP?
I thought ASL automatically blocked these attacks after a few wrong tries. How can I do that?
Best Answer
If your kernel has support for iptables recent (most do), something like the following will allow 6 connections in 60 seconds, and then drop the connections from that IP address. Rather than writing a ton of rules to block varying IPs, you could do that.
Alternatively, if it was just one IP:
iptables -I INPUT -s 1.2.3.4/32 -j DROP
should do a quick and dirty drop of that IP.
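The rate-limit rules the answer alludes to, written out as an added example (not the answerer's own rule set): the iptables "recent" match counts new IMAP/POP3 connections per source and drops any source that exceeds 6 within 60 seconds, and a small helper validates an address before building the one-off drop rule. The chain name MAILRATE, the list name mailbrute and the port list are assumptions; the module and match names are real iptables features.

```shell
#!/bin/sh
# Added example, not the answerer's own rules: throttle new IMAP/POP3 connections
# per source IP with the iptables "recent" match, plus a validated one-off ban.
# Assumes iptables with the recent, multiport and conntrack matches, and a mail
# server on 110/143/993/995 (adjust MAIL_PORTS for your setup).
WINDOW=60                    # seconds the counter looks back
HITS=6                       # new connections allowed inside the window
MAIL_PORTS="110,143,993,995" # assumed POP3/IMAP plain and TLS ports
LIST=mailbrute               # recent list name, visible in /proc/net/xt_recent/

# Print the rule set one command per line so it can be reviewed or piped to sh.
# Each new connection is recorded; if the source already has HITS entries in
# the last WINDOW seconds the packet is dropped, otherwise it is accepted.
mail_rate_limit_rules() {
    cat <<EOF
iptables -N MAILRATE
iptables -A MAILRATE -m recent --name $LIST --set
iptables -A MAILRATE -m recent --name $LIST --update --seconds $WINDOW --hitcount $HITS -j DROP
iptables -A MAILRATE -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports $MAIL_PORTS -m conntrack --ctstate NEW -j MAILRATE
EOF
}

# Build the single-address drop rule only for a well-formed dotted-quad IPv4
# address, so a garbled string copied from a log line never reaches iptables.
ban_ip_rule() {
    ip=$1
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$ip" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    echo "iptables -I INPUT -s $ip/32 -j DROP"
}

# Apply for real (needs root); otherwise just review the printed rules.
apply_rules() { mail_rate_limit_rules | sh -e; }
ban_ip() {
    rule=$(ban_ip_rule "$1") || { echo "bad address: $1" >&2; return 1; }
    sh -c "$rule"
}

# Check which sources the kernel is currently tracking for this list.
show_tracked() { cat "/proc/net/xt_recent/$LIST" 2>/dev/null; }
```

Rules inserted this way do not survive a reboot; persist them with your distribution's iptables-save mechanism once you are happy with the thresholds.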