Community Discussions and Support
MercuryP POP3 Attacks

Okay, I don't have a fantastic solution, but maybe you could run your pop3 server on a different port from the default port, so attackers that are just guessing you have pop3 because you SEND / ACCEPT mail will be thrown off the trail.  Of course it will mean informing all of your users ... which might be a major headache!

*That's what I did when I was just starting and people were trying to connect to my pop3 and I didn't even have any users yet!!! I changed port and now get no unwanted attention.*


Sometimes we get brute force attacks repeatedly trying to guess POP3 passwords. Is there some way to automatically throttle or short term black list an IP after some specified number of failed password attempts? I know we can manually block IP addresses. I would like to have it occur automatically.

-Paul


[quote user="Paul"]

Sometimes we get brute force attacks repeatedly trying to guess POP3 passwords. Is there some way to automatically throttle or short term black list an IP after some specified number of failed password attempts? I know we can manually block IP addresses. I would like to have it occur automatically.

[/quote]

MercuryI has this type of intruder detection logic in place, but for some reason I've never added it to MercuryP. Under normal circumstances, I'd offer to add it, because it's not a very difficult task... But I've spent the afternoon packaging up a v4.5 release candidate archive and it's really now too late to consider adding any more new features for v4.5. I'll certainly add it early in the post-release development process though.

Cheers!

-- David --


I got tired of getting POP3 attacks such as these, which happened this afternoon.

Several hours later, after translating the Mercury daemon headers into Delphi.... I wrote a Mercury daemon in Delphi, and tried it out....

I tried connecting to my own POP3 server (just connecting, no password guessing at all, and it worked).  The trigger is for the same host to connect more than once in 5 seconds to the POP3 server.
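
The trigger described in this post (the same host connecting more than once in 5 seconds), sketched in Python as an added example; it is not the poster's Delphi daemon and does not use the Mercury daemon API. The 600-second block duration, the class and function names, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5    # from the post: same host, more than once in 5 seconds
MAX_CONNECTS = 1      # connections allowed per window before the trigger fires
BLOCK_SECONDS = 600   # assumed short-term blacklist duration (not from the thread)


class ConnectionThrottle:
    """Per-host connection-rate tracker with a short-term blacklist."""

    def __init__(self, window=WINDOW_SECONDS, max_connects=MAX_CONNECTS,
                 block=BLOCK_SECONDS):
        self.window, self.max_connects, self.block = window, max_connects, block
        self.recent = defaultdict(deque)   # host -> timestamps inside the window
        self.blocked_until = {}            # host -> time the block expires

    def on_connect(self, host, now):
        """Return 'accept', 'block' (trigger fired) or 'refuse' (still blocked)."""
        expiry = self.blocked_until.get(host)
        if expiry is not None:
            if now < expiry:
                return "refuse"
            del self.blocked_until[host]   # block expired, host starts clean
        times = self.recent[host]
        while times and now - times[0] >= self.window:
            times.popleft()                # drop connections outside the window
        times.append(now)
        if len(times) > self.max_connects:
            self.blocked_until[host] = now + self.block
            del self.recent[host]
            return "block"
        return "accept"


def replay(events, throttle=None):
    """Run (timestamp, host) connection events through the throttle."""
    throttle = throttle or ConnectionThrottle()
    return [(t, host, throttle.on_connect(host, t)) for t, host in events]


# Constructed sample: times in seconds, documentation-range addresses.
SAMPLE_EVENTS = [
    (0, "203.0.113.7"),     # first connection
    (2, "203.0.113.7"),     # second within 5 s: trigger fires
    (3, "203.0.113.7"),     # refused while blocked
    (4, "198.51.100.20"),   # mail client polling
    (64, "198.51.100.20"),  # next poll a minute later
    (700, "203.0.113.7"),   # block has expired
]
```

State is kept per host across separate connections, so the count survives a disconnect. A threshold this tight can also catch mail clients that open parallel sessions or several users behind one NAT address, which is why the window, count and block time are parameters.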

 


Which Mercury version are you using?  The current one does have a short-term blacklist on MercuryP.

Edit: Ah, but that blacklist only works if the rejects are in the same connection - not if they are all separate as your example.

This would be a useful extension for some admins.
