recent versions of denyhosts offer protection for dovecot imap if enabled by scanning logs and adding firewall rules as well as hosts.deny rules. that may help
On 17/11/2023 10:18, Nick Lockheart wrote:
My original reason for asking was, in addition to setting up a new mail server, there was a topic that came up about port scanning.
My thought was, if the only people that need email services on ports 587 and 993 are employees, there might be a way to close down access to those ports to reasonable ranges that employees might actually use.
If ranges are assigned to organizations, and you knew that you only wanted phone access, couldn't you enter the IP ranges assigned to T-Mobile, AT&T, etc as a firewall rule to allow, else deny?
DENY Fail2Ban IPs ALLOW US Based Consumer ISPs ALLOW Our Office DENY others
That seems like it would reduce the number of people that could try to brute force your IMAP/SMTP logins.
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca On 2023-11-16 5:31 p.m., Jochen Bern wrote: On 16.11.23 16:56, Paul Kudla wrote: the ip that triggered all this says it is allocated from NL (Neatherlands) but physicaly exists in Hawii ? As someone working for a LIR, let me clarify a couple things: IPs get assigned to organizations. The registered contacts may well be that organization's main offices on one continent while the hardware actually using those addresses is located someplace different - and the users whose traffic gets its public IP from that hardware could well be in a third.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org