22 Dec
2017
22 Dec
'17
7:10 p.m.
On 2017-12-22 13:23, Jeff Abrahamson wrote:
fail2ban isn't really the right tool to fight massive DDOS attacks. On the other hand, you don't seem to have that problem, so things work out maybe.
It's cleaner to know the future and ban the right things at the right times, but is there real harm from people trying bad logins from different IP's and you just wait for fail2ban to block each one? Your log snippet covers 151 minutes, even fail2ban would normally have unjailed ip's after that much time.
https://wiki2.dovecot.org/Authentication/Policy https://github.com/PowerDNS/weakforced
works much better imho.