22 Apr
2020
22 Apr
'20
3:34 p.m.
On 22/04/2020 15:29 Johannes Rohr johannes@rohr.org wrote:
Dear all,
what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying it, you will hardly ever notice.
Is there a reasonable way of detecting and preventing logins from unusual IP ranges? Or are there other strategies you would recommend?
Cheers,
Johannes
One suggestion is to use dovecot's auth policy feature, which works with e.g. weakforced to apply such restrictions.
Aki