Nothing currently would block that,  you could disable ssl on the non 
ssl ports but that strikes me as a bad idea.
We could add a black listing feature for these attempts, but I'm 
reluctant to do that without being sure it's causing some
problem other than log entries as it might knock out real users in some 
situations.

Can you send me a bigger log section from mail.err and mail.log and 
imap.log and pop.log so I can see more context.

     ChrisP.


On 19/03/2016 6:18 a.m., David Camm wrote:
> over the past week or so, we been getting a tremendous number of 
> attempted logins that generate error messages like this:
>
> pop: ssl failed SSL error gave up after 6 seconds (20 attempts) (from 
> IP 208.95.135.96)
>
> and
>
> smtp: ssl failed SSL error gave up after 6 seconds (20 attempts) (from 
> IP 208.95.135.96)
>
> we added iptables rules to drop any traffic attempting to connect to 
> the secure ports (993, 995 and 465) as we don't support that, but that 
> didn't help.
>
> so, clearly the attackers are attempting to connect using the 
> non-secure ports with ssl protocol.
>
> is there any way, rather than allowing them 20 attempts to either ban 
> the ip or cut them off after a fewer number of attempts?
>
> this has become REALLY annoying.
>
> david camm
> advanced web systems
> keller, tx
>