Set maximum on login attempts?

[wxPhil]

Our server keeps getting hit by spammers/hackers trying to gain access, sometimes enough to bring the server down - the log files are full of failed login attempts. I know there are various options for limiting access, but I haven't really figured them out enough to be confident about setting them without limiting our own users (we need to send out a few bulk mailings of our own each day.) I guess what I want to do is to set a limit on the maximum number of failed login attempts from a given IP address before the server won't allow any more for, say, 20 minutes? Won't solve the problme for a dynamic IP attack, but it'd be a start... ?
Thanks for any advice...

[rob]

Sorry to hear about your misfortune. The best way to achieve this is to use the antihammering settings, available on a per service basis. Basically enable this option in each service you want it to affect. To adjust the timings and restrictions, these are avialble in the general settings -> advanced tab. Antihammering basically allows a limited number of login attempts before the IP is blocked for a specific time period. You can also enable max connetions per IP and max mails per IP in the general and SMTP settings. These will further help reduce the load. Of cousre this option will only help against DOS attacks, but is not effective at preventing them.

[wxPhil]

Thanks - but to be clear: does anti-hammering limit the number all login attenmpts or only failed ones? If failed ones, I'd set the limit to 3; if all, then it needs to be much higher, obviously.
..s'ok - I RTFM - a bit clearer now.... :/

[rob]

Antihammering only triggers on a failed login attempts, and of course is on a per IP basis. Should an IP provide x number of bad login details, that IP will be blocked for x amount of time. I should note positive logins dont have any effect on antihammering, and so users can login as many times as they need without conseqeunce. However, a positive login also doesn't reset the bad login count; so if the limit was set to 5, a user that failed 3 times, succeeded once, then failed a further 3 times... their IP will still be blocked.