Suggestions for dealing with SMTP brute force attacks with ASM/PSM
We are in the process of firing up a shiny new ASM solution, and in doing so one of the areas we are looking for help in mitigating is SMTP brute force login attacks. I know that the ASM (or I guess more accurately the PSM) provides a SMTP security profile configuration that has some nice options for actual mail delivery and protocol access, but nothing specific to login.
Basically what we are looking to do is very much akin to the login page security options, where we detect SMTP login failures above a certain threshold and block the IP for a period of time.
Anyone out there have any suggestions? Something I'm missing (I'm new to ASM so apologies if this is a total n00b question)? Will the ASM in learning mode be able to detect and create a policy option based on this behavior in some other part of the configuration? Something an iRule could do for us?
Thanks!