One of my customer mail server is actually under attack. I don't have tons of knowledge about any kind of attack, but i've few questions:
1. All the log files show 'Invalid Username or Password', but the emails that they are trying to use to login are not fake email... they do really exist on our server. Is there a security problem or it's just too easy to get the email address from a server and it's not possible to prevent it?
2. What's the best way to prevent brute force attack on a mail server?
They are using an old version of MailEnable installed with Plesk. I've seen no such option as "Ban IP after X Invalid username or password".