I block all my email ports except 25 from countries where I am not going to be sending or receiving email. I also block many datacenters, but blocking Digital Ocean, Vultur and AWS will get you 90%of the way there. You will need to use 587, that is no auth on 25. Again no blocking on 25, just block the other email ports.
I get maybe one attempt to log into my email account a week. Yeah not as good as 2FA but it isn't a research project either. Just a little firewall programming. I get the CIDRs from bgp.he.net.
I am assuming this is a personal server.
A bit extreme, but you could set up a VPN on a VPS and only allow that IP to send and receive email.
Original Message
From: lists@luigirosa.com Sent: January 7, 2020 12:29 AM To: dovecot@dovecot.org Subject: Re: 2FA for Dovecot
Kees de Jong wrote on 06/01/2020 12:58:
My goal is to protect my mail account with 2FA, which isn't a crazy idea in 2020. Therefore, I would like to know the possibilities of configuring 2FA for Dovecot.
Use an authentication backend that supports 2FA, such as oAuth:
https://wiki.dovecot.org/PasswordDatabase/oauth2
--
Ciao, luigi
/ +--[Luigi Rosa]-- \