in the night of Jan 17, 2012 a robot from 88.2.164.178 seemed having scanned during one hour for addresses on our server. Below is only a little exerpt,
Questions:
1. is there a setup to block out an iP when mulitiple, unsuccessful connection trials are performed in a short time period?
2. in SMTP Module CGP checks for blacklisted servers. Is there also the same procedure possible for POP or IMAP connection trials?
Thanks
Urs
03:08:29.221 1 POP-018410([88.2.164.78]) failed to open 'abigail'. Connection from [88.2.164.78]:4154. Error Code=unknown user account
03:08:29.224 1 ROUTER SYSTEM: 'audrey@ems.ch' rejected. Error Code=unknown user account
03:08:29.224 1 POP-018413([88.2.164.78]) failed to open 'audrey'. Connection from [88.2.164.78]:4177. Error Code=unknown user account
03:08:29.236 1 ROUTER SYSTEM: 'antonio@ems.ch' rejected. Error Code=unknown user account
03:08:29.236 1 POP-018411([88.2.164.78]) failed to open 'antonio'. Connection from [88.2.164.78]:4173. Error Code=unknown user account
03:08:29.386 1 ROUTER SYSTEM: 'beth@ems.ch' rejected. Error Code=unknown user account
03:08:29.386 1 POP-018414([88.2.164.78]) failed to open 'beth'. Connection from [88.2.164.78]:4187. Error Code=unknown user account
03:08:29.597 1 ROUTER SYSTEM: 'benjamin@ems.ch' rejected. Error Code=unknown user account
03:08:29.597 1 POP-018415([88.2.164.78]) failed to open 'benjamin'. Connection from [88.2.164.78]:4192. Error Code=unknown user account
03:08:29.737 3 POP too many (100) streams open
03:08:29.737 3 POP [0.0.0.0]:110 <- [88.2.164.78]:4270 connection rejected
03:08:29.739 3 POP too many (100) streams open
03:08:29.739 3 POP [0.0.0.0]:110 <- [88.2.164.78]:4274 connection rejected
03:08:29.745 1 ROUTER SYSTEM: 'ashley@ems.ch' rejected. Error Code=unknown user account
03:08:29.745 1 POP-018416([88.2.164.78]) failed to open 'ashley'. Connection from [88.2.164.78]:4204. Error Code=unknown user account
03:08:29.755 3 POP too many (100) streams open