On Tue, 18 Jul 2017, dovecot-request@dovecot.org wrote:
Thanks for the quick follow-ups! Much appreciated. After posting this, I immediately started working on fail2ban. And between my initial posting and now, fail2ban already blocked 114 IPs.
I have fail2ban with maxretry=1 and bantime=1800
However, it seems almost all IPs are different, and I don't think I can keep the above settings permanently.
Why not? Limited by firewall rules overload? You could probably use a persistent DB, can't you?
You can also use a third party RBL that specialized in brute forcers like blocklist.de. You can also feed back fail2ban data and crowdsource BFD data to them.
Joseph Tam jtam.home@gmail.com
Hi Joseph,
On 07/18/2017 11:10 PM, Joseph Tam wrote:
However, it seems almost all IPs are different, and I don't think I can keep the above settings permanently.
Why not? Limited by firewall rules overload? You could probably use a persistent DB, can't you? I meant: keep the "block after the first failed attempt" setting. People need the chance to change their password, so I have increased it to two.
You can also use a third party RBL that specialized in brute forcers like blocklist.de. You can also feed back fail2ban data and crowdsource BFD data to them. Yes, I will look into that now.
Thanks!
participants (2)
-
Joseph Tam
-
mj