On 21/07/2017 04:03, mj wrote:
Hi Robert,
i dont understand why you focused on that ldap strings fail2ban should trigger on some "Authentication failure" regex in the related syslog
perhaps this will help to make it more clear
http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot
Yes, but I have that as well. :-)
I wanted two kinds of blockings:
#1: Everybody trying the well-known passwords (password, 123321, 1q2w3e, etc, etc) to become blocked *immediately* and for *always*.
This can be very tricky at times and you may actually hit quite a few legit users who are using weak passwords and have forgotten / mistyped them by accident. Seen this enough times and the amount of support required to make a sloppy & lazy customer happy again isn't always trivial. If they're few and far apart you can live with it, otherwise you'll have to reevaluate it :)
Adi Pircalabu