Given the increasing attacks on servers, we are considering being more proactive in the defense, and one question raised of us was can we hook or have API integration into the primary ones:
SMTP
POP
IMAP
to log when authentication attempts have been made that have failed, and if so access their IP address, the username and password they tried.
This could help us to spot regular patterns or continued abusive attempts, and block them whilst also allowing us to document the dictionary password attempts being made to help increase password security.
I look forward to hearing from you.
Kind regards,
Scott
