Dovecot Auth Tries Spam

Ron Leach ronleach at tesco.net
Mon Jul 7 13:38:07 UTC 2014


On 07/07/2014 14:22, Silvio Siefke wrote:
> service imap-login {
>    port = 12520
>
>    inet_listener imaps {
>    port = 12550
>
> <fail2ban>
> [dovecot]
> enabled = true
> filter  = dovecot
> action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
> logpath = /var/log/mail.log
>

Silvio, one reason why fail 2 ban is not trapping those may be because:
(a) in Dovecot you have defined your imap and imaps services to be 
ports around 125x0, whereas
(b) in fail2ban you have relied on the standard imap and imaps 
definitions, which are 143 (I think) and 993

Might you need to enter 12520 and 12550 in your fail2ban stanza, 
instead of imap and imaps?  Just an idea, I could be wrong; I've never 
set that up, myself.

You mention vpn.  There may also be a second problem with your network 
anyway, if 12520 and 12550 are vpn ports, because external traffic 
should not be able to appear on those, unless a vpn entry is 
compromised, somewhere.  (That is, assuming there is a separate vpn 
access control system outside of Dovecot.)

regards, Ron



More information about the dovecot mailing list