Does anyone know of a Linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign-ins) and alert the user to any suspicious activity on their account? I suspect it would need to log geolocation, device type and IP address to a database. It seems like a module like this would be very useful and should exist already? Thanks in advance.
On 19 Dec 2017, at 10:13, Matthew Broadhead matthew.broadhead@nbmlaw.co.uk wrote:
> Does anyone know of a Linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign-ins) and alert the user to any suspicious activity on their account?
Fail2ban can protect email logins. Alerting a user because a random IP in a Korean Middle School tried to log in seems not helpful.
> I suspect it would need to log geolocation, device type and IP address to a database. It seems like a module like this would be very useful
How?
Blacklist failed logins. That protects everyone and doesn't induce panic.
-- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
On Tue, 19 Dec 2017 17:13:10 +0000 Matthew Broadhead matthew.broadhead@nbmlaw.co.uk wrote:
> Does anyone know of a Linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign-ins) and alert the user to any suspicious activity on their account? I suspect it would need to log geolocation, device type and IP address to a database. It seems like a module like this would be very useful and should exist already? Thanks in advance.
https://github.com/PowerDNS/weakforced
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
On December 20, 2017 at 12:29 PM Marcus Rueckert darix@opensu.se wrote:
> On Tue, 19 Dec 2017 17:13:10 +0000 Matthew Broadhead matthew.broadhead@nbmlaw.co.uk wrote:
>> Does anyone know of a Linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign-ins) and alert the user to any suspicious activity on their account? I suspect it would need to log geolocation, device type and IP address to a database. It seems like a module like this would be very useful and should exist already? Thanks in advance.
> https://github.com/PowerDNS/weakforced
> -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
You could use weakforced with dovecot's auth policy
https://wiki2.dovecot.org/Authentication/Policy
Aki
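The check asked about at the top of the thread (alert on a successful sign-in from a source the account has not used before), sketched as an added example that is not code from any participant or from fail2ban, weakforced or Dovecot. It assumes Dovecot's default login log line format and groups addresses by /24 (IPv4) or /48 (IPv6) as a stand-in for geolocation; the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Dovecot's default login log format (assumption).
SAMPLE_LOG = [
    "Dec 19 09:01:02 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4101, TLS, session=<a1>",
    "Dec 19 09:30:11 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.77, lip=192.0.2.10, mpid=4122, TLS, session=<a2>",
    "Dec 19 10:02:40 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<alice@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, TLS, session=<a3>",
    "Dec 19 10:05:00 mail dovecot: pop3-login: Login: user=<alice@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, mpid=4180, TLS, session=<a4>",
]

# Only successful logins ("Login: user=<...>") match; failed attempts are
# left to blacklisting tools such as fail2ban.
LOGIN_RE = re.compile(
    r"(?P<proto>imap|pop3)-login: Login: user=<(?P<user>[^>]+)>"
    r".*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

def network_of(ip_text):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) network."""
    ip = ipaddress.ip_address(ip_text)
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def find_new_source_logins(lines, baseline=None):
    """Return (user, ip, proto) for each successful login from a network the
    user has not logged in from before. baseline maps user -> set of networks."""
    seen = defaultdict(set)
    for user, nets in (baseline or {}).items():
        seen[user.lower()].update(nets)
    alerts = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        user = m["user"].lower()
        try:
            net = network_of(m["rip"])
        except ValueError:
            continue  # malformed address in the log line
        # A user with no history is learned silently instead of alerted on.
        if seen[user] and net not in seen[user]:
            alerts.append((user, m["rip"], m["proto"]))
        seen[user].add(net)
    return alerts

if __name__ == "__main__":
    for alert in find_new_source_logins(SAMPLE_LOG):
        print("new sign-in source:", alert)
```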
participants (4): @lbutlr, Aki Tuomi, Marcus Rueckert, Matthew Broadhead