I have pfSense too and it rocks!

On Apr 22, 2020, at 14:52, byalefp@yahoo.com.br wrote:

Usually I use pfSense as the main firewall, with Snort blocking all kinds of scans and others.

Fail2ban triggers after 3 unsuccessful tries, and lastly iptables if Linux or ipfw if FreeBSD.

Keeping pfSense synced with intrusion lists is a must-have.

And lastly, bans are not temporary on my setup; they are forever, unless a real user, after validating his info / data, calls to be unblocked.

There are some guides around about dealing with postscreen, but I never got that working... RBL and Spamhaus lists on the mail server and on DNS are another must-have.

Good luck

Regards,

Alexandre Fernandes Pedrosa

-------
Visit: https://alexandrepedrosa.com


PGP Key: https://alexandrepedrosa.com/keys/0xE830E3336A873BE6.asc

Fingerprint: 4D63 0DEC FDA4 A8D3 DF75  94DB E830 E333 6A87 3BE6 


On Apr 22, 2020, at 09:29, Johannes Rohr <johannes@rohr.org> wrote:

Dear all,

what are the key strategies for intrusion prevention and detection with
dovecot, apart from installing fail2ban?
It is a pity that the IMAP protocol does not support 2 factor
authentication, which seems to stop 90% of intrusion attempts in their
tracks. Without it, if someone has obtained your password and reads your
mail without modifying it, you will hardly ever notice.

Is there a reasonable way of detecting and preventing logins from
unusual IP ranges? Or are there other strategies you would recommend?

Cheers,

Johannes
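
One way to approach the question above about detecting logins from unusual IP ranges, as an added example that is not part of the original thread: a Python script that reads Dovecot login lines and reports the first login per user from a network it has not seen before. The log lines are constructed samples, and the function names and the /24 (IPv4) and /48 (IPv6) grouping are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Successful Dovecot logins look like:
#   imap-login: Login: user=<name>, method=..., rip=<client IP>, lip=...
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Login: user=<([^>]+)>.*?\brip=([0-9a-fA-F.:]+)")

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
Apr 22 09:01:10 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4121, TLS, session=<a1>
Apr 22 09:05:42 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.77, lip=192.0.2.10, mpid=4130, TLS, session=<a2>
Apr 22 09:07:03 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<bob@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, TLS, session=<a3>
Apr 22 11:30:55 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=203.0.113.200, lip=192.0.2.10, mpid=4190, TLS, session=<a4>
""".splitlines()

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Group a client address into its surrounding network (assumed sizes)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def find_unusual_logins(lines, baseline=None):
    """Return (user, ip, network) for each login from a network not yet
    seen for that user. Without a baseline, a user's first network is
    learned silently; each new network is reported once."""
    seen = defaultdict(set)
    for user, nets in (baseline or {}).items():
        seen[user.lower()].update(ipaddress.ip_network(n) for n in nets)
    alerts = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # failed logins and other lines are not handled here
        user, ip = m.group(1).lower(), m.group(2)
        try:
            net = network_of(ip)
        except ValueError:
            continue  # malformed rip= value
        if seen[user] and net not in seen[user]:
            alerts.append((user, ip, str(net)))
        seen[user].add(net)
    return alerts

if __name__ == "__main__":
    for user, ip, net in find_unusual_logins(SAMPLE_LOG):
        print(f"unusual login: {user} from {ip} ({net})")
```

Passing a `baseline` of known networks per user makes the very first login from elsewhere reportable instead of silently learned.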