Hi,
I just tried to check the failed auth attempts against email accounts, and its a non-stop brute force of bots, the default limits seems to not take any action against that, even that I set it to 3/1min.
I now have custom daemon watching and banning IPs, and it seems to help.
any one else have a better suggestion or how to improve this ? For example the Webmail doesn't seems to have any brute force protection at all.
