On Fri, 22 May 2020, Jerry wrote:
On Thu, 21 May 2020 23:22:04 -0700, lists stated:
I use SSHGuard on well ssh (doh!), but supposedly you can use it for postfix and dovecot also. I can tell you it is well supported. I am on Centos 7 using firewalld.
SSHGuard works fairly well with Postfix; however, it is virtually useless with Dovecot. It never picks up on "auth fail" and a few others. I have submitted documentation and requests to SSHGuard, but they have never acted upon them, other than to say that they will look into it.
That's the beauty of open source -- if you got time and skillz, you can roll up your sleeves and do it yourself. I peeked at the source, and it requires some Lex/Yacc coding. Even if you don't have those codng skills, you can probably make a good guess by looking at the .l/.y files.
The authors can make it a lot easier to extend if they externalize the patterns into runtime configuration like fail2ban does, rather than baking them into executables.
Joseph Tam <jtam.home@gmail.com>