tyli wrote:
Dear list users
While trying to secure our dovecot server with fail2ban, I came across the following problem: We use dovecot (1.2.9, Ubuntu package) behind a NAT, and failed login attempts are logged with our firewall as the remote IP.
Example:
Apr 15 08:36:26 mail dovecot: imap-login: Disconnected (auth failed, 6 attempts): user=<xy>, method=PLAIN, rip=192.168.0.1, lip=192.168.0.3
Therefore I would ban 192.168.0.1 which means that I ban EVERY user.
Funny thing is that POP3 login attempts are logged correctly:
Apr 13 11:05:50 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sgvyniwx>, method=PLAIN, rip=217.81.27.55, lip=192.168.0.3
Any ideas how to change this?
Thanks in advance
tyli

Could it be that IMAP is through webmail?
regards, Johan
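
Added example, not part of the thread and not fail2ban's or dovecot's own code: a small triage script that parses the two log lines quoted above, totals failed attempts per rip, and holds back any rip that is a private or loopback address so that a NAT or proxy address is never the one that gets banned. The regular expression, the function name classify and the max_retry threshold are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# The two log lines quoted in the post above.
SAMPLE_LOG = [
    "Apr 15 08:36:26 mail dovecot: imap-login: Disconnected (auth failed, 6 attempts): "
    "user=<xy>, method=PLAIN, rip=192.168.0.1, lip=192.168.0.3",
    "Apr 13 11:05:50 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): "
    "user=<sgvyniwx>, method=PLAIN, rip=217.81.27.55, lip=192.168.0.3",
]

# Assumed pattern for the dovecot 1.2 login-failure format shown in the post.
LINE_RE = re.compile(
    r"dovecot: (?:imap|pop3)-login: .*\(auth failed, (?P<n>\d+) attempts\)"
    r".*?rip=(?P<rip>[0-9A-Fa-f.:]+), lip=(?P<lip>[0-9A-Fa-f.:]+)"
)


def classify(lines, max_retry=5):
    """Return (ban, held_back), each mapping rip -> total failed attempts.

    ban:       public addresses at or above max_retry.
    held_back: private/loopback addresses at or above max_retry; banning
               these would lock out every client behind the NAT or proxy.
    """
    attempts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            attempts[m.group("rip")] += int(m.group("n"))

    ban, held_back = {}, {}
    for rip, total in attempts.items():
        if total < max_retry:
            continue
        try:
            addr = ipaddress.ip_address(rip)
        except ValueError:
            continue  # not a parseable address, ignore the entry
        if addr.is_private or addr.is_loopback:
            held_back[rip] = total
        else:
            ban[rip] = total
    return ban, held_back


if __name__ == "__main__":
    ban, held_back = classify(SAMPLE_LOG, max_retry=1)
    print("ban:", ban)
    print("held back (internal rip, check NAT/proxy/webmail path):", held_back)
```

In fail2ban itself the same safeguard is the ignoreip setting of the jail; it prevents the lockout but does not restore the real client address in the IMAP log lines.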