On 22/04/2020 19:56 Benny Pedersen < me@junc.eu> wrote:


On 2020-04-22 18:45, Sami Ketola wrote:

Actually by far the biggest source of stolen credentials is
viruses/trojans harvesting them.
i tryed blacklist all ips that got passwords errors, but that ends in
big shorewall blrules so i turn it over to just add whitelist into
blrules where ips is known custommers that dont abuse server, that way
my shorewall got alot smaller config files to read and no kids from
outside can abuse logins that way, now i have maked php script that
monitors where abusers is from without give them access to abused ports

and i have seen the trojans or malware reveal strong passwords loose
aswell, the battle is only as strong as users using email programs

so for now i see no fails on logins anymore from the only whitelisted
asn range of trusted custommers ips

i just hope there would be free simple policy server for doevecot not
only for dovecot oy

we are in same boat all, dont let it sink

You mean https://github.com/PowerDNS/weakforced ?
---
Aki Tuomi