Dovecot Auth Tries Spam
Ron Leach
ronleach at tesco.net
Mon Jul 7 13:38:07 UTC 2014
On 07/07/2014 14:22, Silvio Siefke wrote:
> service imap-login {
> port = 12520
>
> inet_listener imaps {
> port = 12550
>
> <fail2ban>
> [dovecot]
> enabled = true
> filter = dovecot
> action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
> logpath = /var/log/mail.log
>
Silvio, one reason why fail 2 ban is not trapping those may be because:
(a) in Dovecot you have defined your imap and imaps services to be
ports around 125x0, whereas
(b) in fail2ban you have relied on the standard imap and imaps
definitions, which are 143 (I think) and 993
Might you need to enter 12520 and 12550 in your fail2ban stanza,
instead of imap and imaps? Just an idea, I could be wrong; I've never
set that up, myself.
You mention vpn. There may also be a second problem with your network
anyway, if 12520 and 12550 are vpn ports, because external traffic
should not be able to appear on those, unless a vpn entry is
compromised, somewhere. (That is, assuming there is a separate vpn
access control system outside of Dovecot.)
regards, Ron
More information about the dovecot
mailing list