---
# CrowdSec leaky-bucket scenario for Stalwart SMTP events.
# Each matching event is poured into a bucket keyed by source IP. When a
# bucket overflows, an alert is raised for that IP.
type: leaky
name: stalwart/smtp-bruteforce
description: 'Detect SMTP bruteforce and scanners on Stalwart logs'

# Only protocol-level rejections are counted: a malformed EHLO, an AUTH
# attempt where AUTH is not allowed, and an unsupported AUTH mechanism.
# NOTE(review): no failed-credential event is listed here, so plain
# password guessing with a valid mechanism is presumably handled by a
# separate scenario. Confirm against the rest of the collection.
# NOTE(review): the filter does not check the log source. It assumes only
# the Stalwart parser sets evt.Parsed.event_type to these values. Verify.
filter: |
  evt.Parsed.event_type in [
    "smtp.invalid-ehlo",
    "smtp.auth-not-allowed",
    "smtp.auth-mechanism-not-supported"
  ]

# One bucket per client address.
# NOTE(review): evt.Meta.source_ip must be set by the parser. If Stalwart
# sits behind a proxy or load balancer, confirm this is the real client
# address and not the proxy's, otherwise the proxy itself gets flagged.
groupby: evt.Meta.source_ip

# The bucket holds 5 events. The next one overflows it and raises the alert.
capacity: 5
# One event drains from the bucket every 10 minutes, so slow, sparse
# rejections from a legitimate client do not accumulate indefinitely.
leakspeed: 10m
# After an overflow, further overflows for the same IP are suppressed for
# 1 hour to avoid duplicate alerts.
blackhole: 1h

labels:
  type: attack
  service: smtp
  # Marks the alert as eligible for a remediation decision. The decision
  # itself (ban, captcha, duration) comes from the CrowdSec profiles.
  remediation: true