I leave well enough alone, but rev 2 got a new parser to allow more user control.
The documentation may be old. However the dovecot trigger does look for auth failed.
dovecot default imap-login: Aborted login (auth failed, 6 attempts): XYZ rip=6.6.6.0, lip=127.0.0.1
I run a personal email server and have the luxury of geographically limiting access to all mail ports other than 25. (I use 587). So I get few attempts at logins. Then again I can't access my email in 99% of the world in addition from hosting companies and cloud servers.
Original Message
From: jerry@seibercom.net Sent: May 22, 2020 3:38 AM To: dovecot@dovecot.org Reply-to: dovecot@dovecot.org Subject: Re: fail2ban setup centos 7 not picking auth fail?
On Thu, 21 May 2020 23:22:04 -0700, lists stated:
I use SSHGuard on well ssh (doh!), but supposedly you can use it for postfix and dovecot also. I can tell you it is well supported. I am on Centos 7 using firewalld.
SSHGuard works fairly well with Postfix; however, it is virtually useless with Dovecot. It never picks up on "auth fail" and a few others. I have submitted documentation and requests to SSHGuard, but they have never acted upon them, other than to say that they will look into it.
-- Jerry