Am 02.03.2015 um 11:34 schrieb Joseph Tam:
Dave McGuire writes:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries any better. If you want to turn your global backlist into a per-user whitelist, that would be perfectly doable though.
Joseph Tam <jtam.home@gmail.com>
perhaps and i mean really "perhaps" go this way
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-m...
45K+ IPs will work in a recent table i have them too but for smtp only like
echo 10000000 > /sys/module/xt_recent/parameters/ip_list_tot
combine with geoip might be a good idea too
is ultra faster then fail2ban cause no log file parsing is needed
or an other idea you might test, configure a syslog filter pumping in a recent table the direct way
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein