Yes indeed, we have already own dnsbl's for smtp and ssh/ftp access. How do you have one setup for dovecot connections?
-----Original Message----- From: James via dovecot [mailto:dovecot@dovecot.org] Sent: donderdag 11 april 2019 13:25 To: dovecot@dovecot.org Subject: Re: Mail account brute force / harassment
On 11/04/2019 11:43, Marc Roos via dovecot wrote:
A. With the fail2ban solution
- you 'solve' that the current ip is not able to access you
It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those that do repeat have intervals of >1 week. Blocking these has minimal effect (other than to clog fail12ban and the firewall).
- it will continue bothering other servers and admins
Which is why a dnsbl for dovecot is a good idea. I do not believe the agents behind these login attempts are only targeting me, hence the addresses should be shared via a dnsbl.